Merge branch 'master' into hybrid-gke-updates

apichick 2023-01-20 13:18:19 +01:00 committed by GitHub
commit 6a633390b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
79 changed files with 1812 additions and 1367 deletions


@ -754,7 +754,7 @@ def test_name(plan_summary, tfvars_to_yaml, tmp_path):
assert s.values[address]['project'] == 'my-project' assert s.values[address]['project'] == 'my-project'
``` ```
For more examples on how to write python tests, the tests for [`organization`](./tests/modules/organization/test_plan_org_policies.py) and [`net-vpc`](./tests/modules/net_vpc/test_routes.py) modules. For more examples on how to write python tests, check the tests for the [`organization`](./tests/modules/organization/test_plan_org_policies.py) module.
#### Testing documentation examples #### Testing documentation examples


@ -1,4 +1,4 @@
# Api Gateway # API Gateway
This module allows creating an API with its associated API config and API gateway. It also allows you grant IAM roles on the created resources. This module allows creating an API with its associated API config and API gateway. It also allows you grant IAM roles on the created resources.
# Examples # Examples
@ -15,46 +15,46 @@ module "gateway" {
# ... # ...
EOT EOT
} }
# tftest modules=1 resources=4 # tftest modules=1 resources=4 inventory=basic.yaml
``` ```
## Basic example + customer service account ## Use existing service account
```hcl ```hcl
module "gateway" { module "gateway" {
source = "./fabric/modules/api-gateway" source = "./fabric/modules/api-gateway"
project_id = "my-project" project_id = "my-project"
api_id = "api" api_id = "api"
region = "europe-west1" region = "europe-west1"
spec = <<EOT
# The OpenAPI spec contents
# ...
EOT
service_account_email = "sa@my-project.iam.gserviceaccount.com" service_account_email = "sa@my-project.iam.gserviceaccount.com"
iam = { iam = {
"roles/apigateway.admin" = ["user:user@example.com"] "roles/apigateway.admin" = ["user:user@example.com"]
} }
spec = <<EOT
# The OpenAPI spec contents
# ...
EOT
} }
# tftest modules=1 resources=7 # tftest modules=1 resources=7 inventory=existing-sa.yaml
``` ```
## Basic example + service account creation ## Create service account
```hcl ```hcl
module "gateway" { module "gateway" {
source = "./fabric/modules/api-gateway" source = "./fabric/modules/api-gateway"
project_id = "my-project" project_id = "my-project"
api_id = "api" api_id = "api"
region = "europe-west1" region = "europe-west1"
spec = <<EOT
# The OpenAPI spec contents
# ...
EOT
service_account_create = true service_account_create = true
iam = { iam = {
"roles/apigateway.admin" = ["user:mirene@google.com"] "roles/apigateway.admin" = ["user:mirene@google.com"]
"roles/apigateway.viewer" = ["user:mirene@google.com"] "roles/apigateway.viewer" = ["user:mirene@google.com"]
} }
spec = <<EOT
# The OpenAPI spec contents
# ...
EOT
} }
# tftest modules=1 resources=11 # tftest modules=1 resources=11 inventory=create-sa.yaml
``` ```
<!-- BEGIN TFDOC --> <!-- BEGIN TFDOC -->


@ -21,7 +21,7 @@ module "private-dns" {
"A myhost" = { ttl = 600, records = ["10.0.0.120"] } "A myhost" = { ttl = 600, records = ["10.0.0.120"] }
} }
} }
# tftest modules=1 resources=3 # tftest modules=1 resources=3 inventory=private-zone.yaml
``` ```
### Forwarding Zone ### Forwarding Zone
@ -36,7 +36,7 @@ module "private-dns" {
client_networks = [var.vpc.self_link] client_networks = [var.vpc.self_link]
forwarders = { "10.0.1.1" = null, "1.2.3.4" = "private" } forwarders = { "10.0.1.1" = null, "1.2.3.4" = "private" }
} }
# tftest modules=1 resources=1 # tftest modules=1 resources=1 inventory=forwarding-zone.yaml
``` ```
### Peering Zone ### Peering Zone
@ -47,11 +47,12 @@ module "private-dns" {
project_id = "myproject" project_id = "myproject"
type = "peering" type = "peering"
name = "test-example" name = "test-example"
domain = "test.example." domain = "."
description = "Forwarding zone for ."
client_networks = [var.vpc.self_link] client_networks = [var.vpc.self_link]
peer_network = var.vpc2.self_link peer_network = var.vpc2.self_link
} }
# tftest modules=1 resources=1 # tftest modules=1 resources=1 inventory=peering-zone.yaml
``` ```
### Routing Policies ### Routing Policies
@ -84,7 +85,7 @@ module "private-dns" {
} }
} }
} }
# tftest modules=1 resources=4 # tftest modules=1 resources=4 inventory=routing-policies.yaml
``` ```
### Reverse Lookup Zone ### Reverse Lookup Zone
@ -98,7 +99,23 @@ module "private-dns" {
domain = "0.0.10.in-addr.arpa." domain = "0.0.10.in-addr.arpa."
client_networks = [var.vpc.self_link] client_networks = [var.vpc.self_link]
} }
# tftest modules=1 resources=1 # tftest modules=1 resources=1 inventory=reverse-zone.yaml
```
### Public Zone
```hcl
module "public-dns" {
source = "./fabric/modules/dns"
project_id = "myproject"
type = "public"
name = "example"
domain = "example.com."
recordsets = {
"A myhost" = { ttl = 300, records = ["127.0.0.1"] }
}
}
# tftest modules=1 resources=3 inventory=public-zone.yaml
``` ```
<!-- BEGIN TFDOC --> <!-- BEGIN TFDOC -->


@ -1,5 +1,5 @@
/** /**
* Copyright 2022 Google LLC * Copyright 2023 Google LLC
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.


@ -8,50 +8,46 @@ module "bucket" {
project_id = "myproject" project_id = "myproject"
prefix = "test" prefix = "test"
name = "my-bucket" name = "my-bucket"
versioning = true
iam = { iam = {
"roles/storage.admin" = ["group:storage@example.com"] "roles/storage.admin" = ["group:storage@example.com"]
} }
labels = {
cost-center = "devops"
}
} }
# tftest modules=1 resources=2 # tftest modules=1 resources=2 inventory=simple.yaml
``` ```
### Example with Cloud KMS ### Example with Cloud KMS
```hcl ```hcl
module "bucket" { module "bucket" {
source = "./fabric/modules/gcs" source = "./fabric/modules/gcs"
project_id = "myproject" project_id = "myproject"
prefix = "test" name = "my-bucket"
name = "my-bucket"
iam = {
"roles/storage.admin" = ["group:storage@example.com"]
}
encryption_key = "my-encryption-key" encryption_key = "my-encryption-key"
} }
# tftest modules=1 resources=2 # tftest modules=1 resources=1 inventory=cmek.yaml
``` ```
### Example with retention policy ### Example with retention policy and logging
```hcl ```hcl
module "bucket" { module "bucket" {
source = "./fabric/modules/gcs" source = "./fabric/modules/gcs"
project_id = "myproject" project_id = "myproject"
prefix = "test"
name = "my-bucket" name = "my-bucket"
iam = {
"roles/storage.admin" = ["group:storage@example.com"]
}
retention_policy = { retention_policy = {
retention_period = 100 retention_period = 100
is_locked = true is_locked = true
} }
logging_config = { logging_config = {
log_bucket = var.bucket log_bucket = "log-bucket"
log_object_prefix = null log_object_prefix = null
} }
} }
# tftest modules=1 resources=2 # tftest modules=1 resources=1 inventory=retention-logging.yaml
``` ```
### Example with lifecycle rule ### Example with lifecycle rule
@ -60,11 +56,7 @@ module "bucket" {
module "bucket" { module "bucket" {
source = "./fabric/modules/gcs" source = "./fabric/modules/gcs"
project_id = "myproject" project_id = "myproject"
prefix = "test"
name = "my-bucket" name = "my-bucket"
iam = {
"roles/storage.admin" = ["group:storage@example.com"]
}
lifecycle_rules = { lifecycle_rules = {
lr-0 = { lr-0 = {
action = { action = {
@ -77,7 +69,7 @@ module "bucket" {
} }
} }
} }
# tftest modules=1 resources=2 # tftest modules=1 resources=1 inventory=lifecycle.yaml
``` ```
### Minimal example with GCS notifications ### Minimal example with GCS notifications
@ -86,7 +78,6 @@ module "bucket" {
module "bucket-gcs-notification" { module "bucket-gcs-notification" {
source = "./fabric/modules/gcs" source = "./fabric/modules/gcs"
project_id = "myproject" project_id = "myproject"
prefix = "test"
name = "my-bucket" name = "my-bucket"
notification_config = { notification_config = {
enabled = true enabled = true
@ -97,7 +88,7 @@ module "bucket-gcs-notification" {
custom_attributes = {} custom_attributes = {}
} }
} }
# tftest modules=1 resources=4 # tftest modules=1 resources=4 inventory=notification.yaml
``` ```
<!-- BEGIN TFDOC --> <!-- BEGIN TFDOC -->


@ -33,7 +33,7 @@ module "cluster-1" {
environment = "dev" environment = "dev"
} }
} }
# tftest modules=1 resources=1 # tftest modules=1 resources=1 inventory=basic.yaml
``` ```
### GKE Cluster with Dataplane V2 enabled ### GKE Cluster with Dataplane V2 enabled
@ -42,7 +42,7 @@ module "cluster-1" {
module "cluster-1" { module "cluster-1" {
source = "./fabric/modules/gke-cluster" source = "./fabric/modules/gke-cluster"
project_id = "myproject" project_id = "myproject"
name = "cluster-1" name = "cluster-dataplane-v2"
location = "europe-west1-b" location = "europe-west1-b"
vpc_config = { vpc_config = {
network = var.vpc.self_link network = var.vpc.self_link
@ -68,8 +68,36 @@ module "cluster-1" {
environment = "dev" environment = "dev"
} }
} }
# tftest modules=1 resources=1 # tftest modules=1 resources=1 inventory=dataplane-v2.yaml
``` ```
### Autopilot Cluster
```hcl
module "cluster-autopilot" {
source = "./fabric/modules/gke-cluster"
project_id = "myproject"
name = "cluster-autopilot"
location = "europe-west1-b"
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
secondary_range_names = {
pods = "pods"
services = "services"
}
master_authorized_ranges = {
internal-vms = "10.0.0.0/8"
}
master_ipv4_cidr_block = "192.168.0.0/28"
}
enable_features = {
autopilot = true
}
}
# tftest modules=1 resources=1 inventory=autopilot.yaml
```
<!-- BEGIN TFDOC --> <!-- BEGIN TFDOC -->
## Variables ## Variables


@ -16,7 +16,7 @@ module "cluster-1-nodepool-1" {
location = "europe-west1-b" location = "europe-west1-b"
name = "nodepool-1" name = "nodepool-1"
} }
# tftest modules=1 resources=1 # tftest modules=1 resources=1 inventory=basic.yaml
``` ```
### Internally managed service account ### Internally managed service account
@ -27,22 +27,11 @@ If you create a new service account, its resource and email (in both plain and I
#### GCE default service account #### GCE default service account
To use the GCE default service account, you can ignore the variable which is equivalent to `{ create = null, email = null }`. To use the GCE default service account, you can ignore the variable which is equivalent to `{ create = null, email = null }`. This is what the first example of this document does.
```hcl
module "cluster-1-nodepool-1" {
source = "./fabric/modules/gke-nodepool"
project_id = "myproject"
cluster_name = "cluster-1"
location = "europe-west1-b"
name = "nodepool-1"
}
# tftest modules=1 resources=1
```
#### Externally defined service account #### Externally defined service account
To use an existing service account, pass in just the `email` attribute. To use an existing service account, pass in just the `email` attribute. If you do this, will most likely want to use the `cloud-platform` scope.
```hcl ```hcl
module "cluster-1-nodepool-1" { module "cluster-1-nodepool-1" {
@ -52,10 +41,11 @@ module "cluster-1-nodepool-1" {
location = "europe-west1-b" location = "europe-west1-b"
name = "nodepool-1" name = "nodepool-1"
service_account = { service_account = {
email = "foo-bar@myproject.iam.gserviceaccount.com" email = "foo-bar@myproject.iam.gserviceaccount.com"
oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
} }
} }
# tftest modules=1 resources=1 # tftest modules=1 resources=1 inventory=external-sa.yaml
``` ```
#### Auto-created service account #### Auto-created service account
@ -70,12 +60,48 @@ module "cluster-1-nodepool-1" {
location = "europe-west1-b" location = "europe-west1-b"
name = "nodepool-1" name = "nodepool-1"
service_account = { service_account = {
create = true create = true
# optional email = "spam-eggs" # optional
email = "spam-eggs" oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
} }
} }
# tftest modules=1 resources=2 # tftest modules=1 resources=2 inventory=create-sa.yaml
```
### Node & node pool configuration
```hcl
module "cluster-1-nodepool-1" {
source = "./fabric/modules/gke-nodepool"
project_id = "myproject"
cluster_name = "cluster-1"
location = "europe-west1-b"
name = "nodepool-1"
labels = { environment = "dev" }
service_account = {
create = true
email = "nodepool-1" # optional
oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
}
node_config = {
machine_type = "n2-standard-2"
disk_size_gb = 50
disk_type = "pd-ssd"
ephemeral_ssd_count = 1
gvnic = true
spot = true
}
nodepool_config = {
autoscaling = {
max_node_count = 10
min_node_count = 1
}
management = {
auto_repair = true
auto_upgrade = false
}
}
}
# tftest modules=1 resources=2 inventory=config.yaml
``` ```
<!-- BEGIN TFDOC --> <!-- BEGIN TFDOC -->
@ -97,7 +123,7 @@ module "cluster-1-nodepool-1" {
| [nodepool_config](variables.tf#L115) | Nodepool-level configuration. | <code title="object&#40;&#123;&#10; autoscaling &#61; optional&#40;object&#40;&#123;&#10; location_policy &#61; optional&#40;string&#41;&#10; max_node_count &#61; optional&#40;number&#41;&#10; min_node_count &#61; optional&#40;number&#41;&#10; use_total_nodes &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#41;&#10; management &#61; optional&#40;object&#40;&#123;&#10; auto_repair &#61; optional&#40;bool&#41;&#10; auto_upgrade &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; upgrade_settings &#61; optional&#40;object&#40;&#123;&#10; max_surge &#61; number&#10; max_unavailable &#61; number&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [nodepool_config](variables.tf#L115) | Nodepool-level configuration. | <code title="object&#40;&#123;&#10; autoscaling &#61; optional&#40;object&#40;&#123;&#10; location_policy &#61; optional&#40;string&#41;&#10; max_node_count &#61; optional&#40;number&#41;&#10; min_node_count &#61; optional&#40;number&#41;&#10; use_total_nodes &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#41;&#10; management &#61; optional&#40;object&#40;&#123;&#10; auto_repair &#61; optional&#40;bool&#41;&#10; auto_upgrade &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; upgrade_settings &#61; optional&#40;object&#40;&#123;&#10; max_surge &#61; number&#10; max_unavailable &#61; number&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [pod_range](variables.tf#L137) | Pod secondary range configuration. | <code title="object&#40;&#123;&#10; secondary_pod_range &#61; object&#40;&#123;&#10; cidr &#61; optional&#40;string&#41;&#10; create &#61; optional&#40;bool&#41;&#10; name &#61; string&#10; &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [pod_range](variables.tf#L137) | Pod secondary range configuration. | <code title="object&#40;&#123;&#10; secondary_pod_range &#61; object&#40;&#123;&#10; cidr &#61; optional&#40;string&#41;&#10; create &#61; optional&#40;bool&#41;&#10; name &#61; string&#10; &#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [reservation_affinity](variables.tf#L154) | Configuration of the desired reservation which instances could take capacity from. | <code title="object&#40;&#123;&#10; consume_reservation_type &#61; string&#10; key &#61; optional&#40;string&#41;&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> | | [reservation_affinity](variables.tf#L154) | Configuration of the desired reservation which instances could take capacity from. | <code title="object&#40;&#123;&#10; consume_reservation_type &#61; string&#10; key &#61; optional&#40;string&#41;&#10; values &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [service_account](variables.tf#L164) | Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used. | <code title="object&#40;&#123;&#10; create &#61; optional&#40;bool, false&#41;&#10; email &#61; optional&#40;string, null&#41;&#10; oauth_scopes &#61; optional&#40;list&#40;string&#41;, null&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> | | [service_account](variables.tf#L164) | Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used. | <code title="object&#40;&#123;&#10; create &#61; optional&#40;bool, false&#41;&#10; email &#61; optional&#40;string&#41;&#10; oauth_scopes &#61; optional&#40;list&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [sole_tenant_nodegroup](variables.tf#L175) | Sole tenant node group. | <code>string</code> | | <code>null</code> | | [sole_tenant_nodegroup](variables.tf#L175) | Sole tenant node group. | <code>string</code> | | <code>null</code> |
| [tags](variables.tf#L181) | Network tags applied to nodes. | <code>list&#40;string&#41;</code> | | <code>null</code> | | [tags](variables.tf#L181) | Network tags applied to nodes. | <code>list&#40;string&#41;</code> | | <code>null</code> |
| [taints](variables.tf#L187) | Kubernetes taints applied to all nodes. | <code title="list&#40;object&#40;&#123;&#10; key &#61; string&#10; value &#61; string&#10; effect &#61; string&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> | | [taints](variables.tf#L187) | Kubernetes taints applied to all nodes. | <code title="list&#40;object&#40;&#123;&#10; key &#61; string&#10; value &#61; string&#10; effect &#61; string&#10;&#125;&#41;&#41;">list&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>null</code> |


@ -1,5 +1,5 @@
/** /**
* Copyright 2022 Google LLC * Copyright 2023 Google LLC
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -165,8 +165,8 @@ variable "service_account" {
description = "Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used." description = "Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used."
type = object({ type = object({
create = optional(bool, false) create = optional(bool, false)
email = optional(string, null) email = optional(string)
oauth_scopes = optional(list(string), null) oauth_scopes = optional(list(string))
}) })
default = {} default = {}
nullable = false nullable = false
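Review bot: The `description` of `service_account` contradicts the declaration next to it: it says a null variable selects the default GCE service account, but `nullable = false` with `default = {}` rules null out, and it says an account is created when `email` is null although the type has an explicit `create = optional(bool, false)`. Since the untouched default is what puts nodes on the default GCE service account, the text should name the inputs that lead to each outcome, for example `description = "Nodepool service account. If left at the default, the default GCE service account is used. Set create to true to create one, or pass email to use an existing one. If oauth_scopes is null a default is used."`. The logic that reads these attributes is outside the hunk, so the wording needs confirming against it.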


@ -30,7 +30,88 @@ module "vpc" {
} }
] ]
} }
# tftest modules=1 resources=3 # tftest modules=1 resources=3 inventory=simple.yaml
```
### Subnet Options
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
name = "my-network"
subnets = [
# simple subnet
{
name = "simple"
region = "europe-west1"
ip_cidr_range = "10.0.0.0/24"
},
# custom description and PGA disabled
{
name = "no-pga"
region = "europe-west1"
ip_cidr_range = "10.0.1.0/24",
description = "Subnet b"
enable_private_access = false
},
# secondary ranges
{
name = "with-secondary-ranges"
region = "europe-west1"
ip_cidr_range = "10.0.2.0/24"
secondary_ip_ranges = {
a = "192.168.0.0/24"
b = "192.168.1.0/24"
}
},
# enable flow logs
{
name = "with-flow-logs"
region = "europe-west1"
ip_cidr_range = "10.0.3.0/24"
flow_logs_config = {
flow_sampling = 0.5
aggregation_interval = "INTERVAL_10_MIN"
}
}
]
}
# tftest modules=1 resources=5 inventory=subnet-options.yaml
```
### Subnet IAM
```hcl
module "vpc" {
source = "./fabric/modules/net-vpc"
project_id = "my-project"
name = "my-network"
subnets = [
{
name = "subnet-1"
region = "europe-west1"
ip_cidr_range = "10.0.1.0/24"
},
{
name = "subnet-2"
region = "europe-west1"
ip_cidr_range = "10.0.1.0/24"
}
]
subnet_iam = {
"europe-west1/subnet-1" = {
"roles/compute.networkUser" = [
"user:user1@example.com", "group:group1@example.com"
]
}
"europe-west1/subnet-2" = {
"roles/compute.networkUser" = [
"user:user2@example.com", "group:group2@example.com"
]
}
}
}
# tftest modules=1 resources=5 inventory=subnet-iam.yaml
``` ```
### Peering ### Peering
@ -65,7 +146,7 @@ module "vpc-spoke-1" {
import_routes = true import_routes = true
} }
} }
# tftest modules=2 resources=6 # tftest modules=2 resources=6 inventory=peering.yaml
``` ```
### Shared VPC ### Shared VPC
@ -116,7 +197,7 @@ module "vpc-host" {
} }
} }
} }
# tftest modules=1 resources=7 # tftest modules=1 resources=7 inventory=shared-vpc.yaml
``` ```
### Private Service Networking ### Private Service Networking
@ -137,7 +218,7 @@ module "vpc" {
ranges = { myrange = "10.0.1.0/24" } ranges = { myrange = "10.0.1.0/24" }
} }
} }
# tftest modules=1 resources=5 # tftest modules=1 resources=5 inventory=psc.yaml
``` ```
### Private Service Networking with peering routes ### Private Service Networking with peering routes
@ -162,7 +243,7 @@ module "vpc" {
import_routes = true import_routes = true
} }
} }
# tftest modules=1 resources=5 # tftest modules=1 resources=5 inventory=psc-routes.yaml
``` ```
### Subnets for Private Service Connect, Proxy-only subnets ### Subnets for Private Service Connect, Proxy-only subnets
@ -194,7 +275,7 @@ module "vpc" {
} }
] ]
} }
# tftest modules=1 resources=3 # tftest modules=1 resources=3 inventory=proxy-only-subnets.yaml
``` ```
### DNS Policies ### DNS Policies
@ -219,7 +300,7 @@ module "vpc" {
} }
] ]
} }
# tftest modules=1 resources=3 # tftest modules=1 resources=3 inventory=dns-policies.yaml
``` ```
### Subnet Factory ### Subnet Factory
@ -233,11 +314,17 @@ module "vpc" {
name = "my-network" name = "my-network"
data_folder = "config/subnets" data_folder = "config/subnets"
} }
# tftest modules=1 resources=2 files=subnets # tftest modules=1 resources=3 files=subnet-simple,subnet-detailed inventory=factory.yaml
``` ```
```yaml ```yaml
# tftest-file id=subnets path=config/subnets/subnet-name.yaml # tftest-file id=subnet-simple path=config/subnets/subnet-simple.yaml
region: europe-west4
ip_cidr_range: 10.0.1.0/24
```
```yaml
# tftest-file id=subnet-detailed path=config/subnets/subnet-detailed.yaml
region: europe-west1 region: europe-west1
description: Sample description description: Sample description
ip_cidr_range: 10.0.0.0/24 ip_cidr_range: 10.0.0.0/24
@ -254,7 +341,45 @@ flow_logs: # enable, set to empty map to use defaults
metadata: "INCLUDE_ALL_METADATA" metadata: "INCLUDE_ALL_METADATA"
filter_expression: null filter_expression: null
``` ```
<!-- BEGIN TFDOC -->
### Custom Routes
VPC routes can be configured through the `routes` variable.
```hcl
locals {
route_types = {
gateway = "global/gateways/default-internet-gateway"
instance = "zones/europe-west1-b/test"
ip = "192.168.0.128"
ilb = "regions/europe-west1/forwardingRules/test"
vpn_tunnel = "regions/europe-west1/vpnTunnels/foo"
}
}
module "vpc" {
source = "./fabric/modules/net-vpc"
for_each = local.route_types
project_id = "my-project"
name = "my-network-with-route-${replace(each.key, "_", "-")}"
routes = {
next-hop = {
dest_range = "192.168.128.0/24"
tags = null
next_hop_type = each.key
next_hop = each.value
}
gateway = {
dest_range = "0.0.0.0/0",
priority = 100
tags = ["tag-a"]
next_hop_type = "gateway",
next_hop = "global/gateways/default-internet-gateway"
}
}
}
# tftest modules=5 resources=15 inventory=routes.yaml
```
## Variables ## Variables


@ -1,5 +1,5 @@
/** /**
* Copyright 2022 Google LLC * Copyright 2023 Google LLC
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -109,7 +109,7 @@ resource "google_dns_policy" "default" {
) )
iterator = ns iterator = ns
content { content {
ipv4_address = ns.key ipv4_address = ns.value
forwarding_path = "private" forwarding_path = "private"
} }
} }
@ -121,7 +121,7 @@ resource "google_dns_policy" "default" {
) )
iterator = ns iterator = ns
content { content {
ipv4_address = ns.key ipv4_address = ns.value
} }
} }
} }
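Review bot: Neither `content` block says what `ns` iterates over, and both `for_each` expressions begin above the hunks, so a reader cannot tell why `ns.value` is the address when `ns.key` was not. If the collection is a list, `ns.key` is only the element index, which is presumably what this change corrects; a comment such as `# for_each is a list of addresses: ns.value is the IP, ns.key only the index` above each `ipv4_address` would guard against a regression. A wrong value here would point DNS forwarding at an unintended server, so it is worth confirming that the `dns-policies.yaml` inventory referenced from the README pins both `ipv4_address` values.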


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC # Copyright 2023 Google LLC
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -21,7 +21,7 @@ import marko
FABRIC_ROOT = Path(__file__).parents[2] FABRIC_ROOT = Path(__file__).parents[2]
FILE_TEST_RE = re.compile(r'# tftest-file +id=(\w+) +path=([\S]+)') FILE_TEST_RE = re.compile(r'# tftest-file +id=([\w_.-]+) +path=([\S]+)')
Example = collections.namedtuple('Example', 'name code module files') Example = collections.namedtuple('Example', 'name code module files')
File = collections.namedtuple('File', 'path content') File = collections.namedtuple('File', 'path content')
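Review bot: `path=([\S]+)` in `FILE_TEST_RE` still accepts any run of non-whitespace, including `..` segments and absolute paths, and this change leaves it unconstrained while reworking the `id` group beside it. The code that consumes `File.path` is outside this hunk; if it writes the file under a per-test directory, README content from an unreviewed pull request could place files outside that directory on the CI runner. A containment check at the write site would cover it, with `base` standing for the test directory: `dest = (base / file.path).resolve()` then `if not dest.is_relative_to(base.resolve()): raise ValueError(file.path)`. As a minor point, `_` is already part of `\w`, so `[\w.-]+` is the same class as `[\w_.-]+`.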


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC # Copyright 2023 Google LLC
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -18,7 +18,7 @@ from pathlib import Path
BASE_PATH = Path(__file__).parent BASE_PATH = Path(__file__).parent
COUNT_TEST_RE = re.compile(r'# tftest +modules=(\d+) +resources=(\d+)' + COUNT_TEST_RE = re.compile(r'# tftest +modules=(\d+) +resources=(\d+)' +
r'(?: +files=([\w,-.]+))?' + r'(?: +files=([\w,_-]+))?' +
r'(?: +inventory=([\w\-.]+))?') r'(?: +inventory=([\w\-.]+))?')
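Review bot: The new `files=` class `[\w,_-]` no longer matches `.`, while the same commit allows `tftest-file` ids to contain `.` (`id=([\w_.-]+)` in `FILE_TEST_RE`), so an id with a dot can be declared but not referenced. Because the pattern is a chain of optional groups, a directive like `files=a.b inventory=x.yaml` would capture only `a` and then fail to match the inventory group, so the inventory comparison would presumably be skipped without an error. Keeping the dot and placing the hyphen last also avoids the accidental `,-.` range of the old class: `r'(?: +files=([\w,.-]+))?' +`. How the match result is consumed is outside this hunk.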


@ -0,0 +1,42 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.gateway.google_api_gateway_api.api:
api_id: api
display_name: api
project: my-project
module.gateway.google_api_gateway_api_config.api_config:
api: api
gateway_config: []
grpc_services: []
labels: null
managed_service_configs: []
project: my-project
module.gateway.google_api_gateway_gateway.gateway:
display_name: gw-api
gateway_id: gw-api
labels: null
project: my-project
region: europe-west1
module.gateway.google_project_service.service:
disable_dependent_services: true
disable_on_destroy: true
project: my-project
counts:
google_api_gateway_api: 1
google_api_gateway_api_config: 1
google_api_gateway_gateway: 1
google_project_service: 1


@ -0,0 +1,90 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.gateway.google_api_gateway_api.api:
api_id: api
display_name: api
labels: null
project: my-project
module.gateway.google_api_gateway_api_config.api_config:
api: api
grpc_services: []
labels: null
managed_service_configs: []
project: my-project
module.gateway.google_api_gateway_api_config_iam_binding.api_config_iam_bindings["roles/apigateway.admin"]:
api: api
condition: []
members:
- user:mirene@google.com
project: my-project
role: roles/apigateway.admin
module.gateway.google_api_gateway_api_config_iam_binding.api_config_iam_bindings["roles/apigateway.viewer"]:
api: api
condition: []
members:
- user:mirene@google.com
project: my-project
role: roles/apigateway.viewer
module.gateway.google_api_gateway_api_iam_binding.api_iam_bindings["roles/apigateway.admin"]:
api: api
condition: []
members:
- user:mirene@google.com
project: my-project
role: roles/apigateway.admin
module.gateway.google_api_gateway_api_iam_binding.api_iam_bindings["roles/apigateway.viewer"]:
api: api
condition: []
members:
- user:mirene@google.com
project: my-project
role: roles/apigateway.viewer
module.gateway.google_api_gateway_gateway.gateway:
display_name: gw-api
gateway_id: gw-api
labels: null
project: my-project
region: europe-west1
module.gateway.google_api_gateway_gateway_iam_binding.gateway_iam_bindings["roles/apigateway.admin"]:
condition: []
gateway: gw-api
members:
- user:mirene@google.com
project: my-project
region: europe-west1
role: roles/apigateway.admin
module.gateway.google_api_gateway_gateway_iam_binding.gateway_iam_bindings["roles/apigateway.viewer"]:
condition: []
gateway: gw-api
members:
- user:mirene@google.com
project: my-project
region: europe-west1
role: roles/apigateway.viewer
module.gateway.google_project_service.service: {}
module.gateway.google_service_account.service_account[0]:
account_id: sa-api-cfg-api
project: my-project
counts:
google_api_gateway_api: 1
google_api_gateway_api_config: 1
google_api_gateway_api_config_iam_binding: 2
google_api_gateway_api_iam_binding: 2
google_api_gateway_gateway: 1
google_api_gateway_gateway_iam_binding: 2
google_project_service: 1
google_service_account: 1
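Review bot: `module.gateway.google_project_service.service: {}` pins nothing, whereas the other two API gateway inventories in this commit assert `disable_dependent_services: true`, `disable_on_destroy: true` and `project: my-project` for the same resource. This inventory also has no `gateway_config` entry under `api_config`, so nothing here checks that the created service account is the one the gateway config runs as; that may be because the email is only known after apply. If so, a short comment saying that would help, and the service entry can carry the same three keys as the other inventories.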


@ -0,0 +1,71 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.gateway.google_api_gateway_api.api:
api_id: api
display_name: api
labels: null
project: my-project
module.gateway.google_api_gateway_api_config.api_config:
api: api
gateway_config:
- backend_config:
- google_service_account: sa@my-project.iam.gserviceaccount.com
grpc_services: []
labels: null
managed_service_configs: []
project: my-project
module.gateway.google_api_gateway_api_config_iam_binding.api_config_iam_bindings["roles/apigateway.admin"]:
api: api
api_config: api-cfg-api-8656c6040d6d9ba18a8b9b5f3955c223
condition: []
members:
- user:user@example.com
project: my-project
role: roles/apigateway.admin
module.gateway.google_api_gateway_api_iam_binding.api_iam_bindings["roles/apigateway.admin"]:
api: api
condition: []
members:
- user:user@example.com
project: my-project
role: roles/apigateway.admin
module.gateway.google_api_gateway_gateway.gateway:
display_name: gw-api
gateway_id: gw-api
labels: null
project: my-project
region: europe-west1
module.gateway.google_api_gateway_gateway_iam_binding.gateway_iam_bindings["roles/apigateway.admin"]:
condition: []
gateway: gw-api
members:
- user:user@example.com
project: my-project
region: europe-west1
role: roles/apigateway.admin
module.gateway.google_project_service.service:
disable_dependent_services: true
disable_on_destroy: true
project: my-project
counts:
google_api_gateway_api: 1
google_api_gateway_api_config: 1
google_api_gateway_api_config_iam_binding: 1
google_api_gateway_api_iam_binding: 1
google_api_gateway_gateway: 1
google_api_gateway_gateway_iam_binding: 1
google_project_service: 1


@ -1,26 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "gateway" {
source = "../../../../modules/api-gateway"
api_id = var.api_id
project_id = var.project_id
labels = var.labels
iam = var.iam
region = var.region
spec = var.spec
service_account_create = true
}


@ -1,55 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "api_id" {
type = string
default = "my-api"
}
variable "iam" {
type = map(list(string))
default = null
}
variable "labels" {
type = map(string)
default = null
}
variable "project_id" {
type = string
default = "my-project"
}
variable "region" {
type = string
default = "europe-west1"
}
variable "service_account_create" {
type = bool
default = true
}
variable "service_account_email" {
type = string
default = null
}
variable "spec" {
type = string
default = "Spec contents"
}


@ -0,0 +1,34 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.private-dns.google_dns_managed_zone.non-public[0]:
dns_name: test.example.
forwarding_config:
- target_name_servers:
- forwarding_path: ''
ipv4_address: 10.0.1.1
- forwarding_path: private
ipv4_address: 1.2.3.4
name: test-example
private_visibility_config:
- gke_clusters: []
networks:
- network_url: projects/xxx/global/networks/aaa
project: myproject
visibility: private
counts:
google_dns_managed_zone: 1


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC # Copyright 2023 Google LLC
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -13,24 +13,22 @@
# limitations under the License. # limitations under the License.
values: values:
google_compute_network.network[0]: module.private-dns.google_dns_managed_zone.non-public[0]:
auto_create_subnetworks: false description: Forwarding zone for .
delete_default_routes_on_create: false dns_name: .
description: Terraform-managed. forwarding_config: []
name: test name: test-example
project: test-project peering_config:
routing_mode: GLOBAL - target_network:
- network_url: projects/xxx/global/networks/ccc
private_visibility_config:
- gke_clusters: []
networks:
- network_url: projects/xxx/global/networks/aaa
project: myproject
visibility: private
counts: counts:
google_compute_network: 1 google_dns_managed_zone: 1
outputs: outputs: {}
bindings: {}
project_id: test-project
subnet_ips: {}
subnet_regions: {}
subnet_secondary_ranges: {}
subnet_self_links: {}
subnets: {}
subnets_proxy_only: {}
subnets_psc: {}
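Review bot: The new `description: Forwarding zone for .` contradicts the rest of this inventory, which pins `forwarding_config: []` and a `peering_config` whose target is `projects/xxx/global/networks/ccc`, so the resource is a peering zone. The string presumably comes from the example this inventory was generated from; I would change it there and here to `description: Peering zone for .`. Because `dns_name` is the root `.`, the example delegates every lookup on network `aaa` that no more specific zone answers to the peer network's resolution, and that trust relationship deserves a one-line comment next to the example.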


@ -0,0 +1,50 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.private-dns.google_dns_managed_zone.non-public[0]:
description: Terraform managed.
dns_name: test.example.
force_destroy: false
forwarding_config: []
name: test-example
peering_config: []
private_visibility_config:
- gke_clusters: []
networks:
- network_url: projects/xxx/global/networks/aaa
project: myproject
visibility: private
module.private-dns.google_dns_record_set.cloud-static-records["A localhost"]:
managed_zone: test-example
name: localhost.test.example.
project: myproject
routing_policy: []
rrdatas:
- 127.0.0.1
ttl: 300
type: A
module.private-dns.google_dns_record_set.cloud-static-records["A myhost"]:
managed_zone: test-example
name: myhost.test.example.
project: myproject
routing_policy: []
rrdatas:
- 10.0.0.120
ttl: 600
type: A
counts:
google_dns_managed_zone: 1
google_dns_record_set: 2


@ -0,0 +1,38 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.public-dns.google_dns_managed_zone.public[0]:
dns_name: example.com.
name: example
project: myproject
visibility: public
module.public-dns.google_dns_record_set.cloud-static-records["A myhost"]:
managed_zone: example
name: myhost.example.com.
project: myproject
routing_policy: []
rrdatas:
- 127.0.0.1
ttl: 300
type: A
counts:
google_dns_keys: 1
google_dns_managed_zone: 1
google_dns_record_set: 1
modules: 1
resources: 3
outputs: {}
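Review bot: The record pinned for `A myhost` publishes `myhost.example.com.` with `rrdatas: 127.0.0.1` in a zone whose `visibility` is `public`; a loopback answer in a public zone is something configuration audits commonly flag, and examples get copied. A documentation address would be a safer sample, e.g. `- 192.0.2.10` (a constructed value from the RFC 5737 test range), changed in the example and in this inventory together. Separately, `counts` lists `google_dns_keys: 1` while `values` pins no `dnssec_config` for the zone; if the example is meant to enable DNSSEC, pinning its state here would catch a regression.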


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC # Copyright 2023 Google LLC
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -12,12 +12,16 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
region: europe-west1 values:
description: Sample description module.private-dns.google_dns_managed_zone.non-public[0]:
ip_cidr_range: 10.128.0.0/24 description: Terraform managed.
enable_private_access: false dns_name: 0.0.10.in-addr.arpa.
iam_users: ["foobar@example.com"] name: test-example
iam_groups: ["lorem@example.com"] project: myproject
iam_service_accounts: ["foobar@project-id.iam.gserviceaccount.com"] reverse_lookup: true
secondary_ip_ranges: visibility: private
secondary-range-a: 192.168.128.0/24
counts:
google_dns_managed_zone: 1
outputs: {}


@ -0,0 +1,80 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.private-dns.google_dns_managed_zone.non-public[0]:
dns_name: test.example.
name: test-example
project: myproject
module.private-dns.google_dns_record_set.cloud-geo-records["A geo"]:
managed_zone: test-example
name: geo.test.example.
project: myproject
routing_policy:
- enable_geo_fencing: null
geo:
- health_checked_targets: []
location: europe-west1
rrdatas:
- 10.0.0.1
- health_checked_targets: []
location: europe-west2
rrdatas:
- 10.0.0.2
- health_checked_targets: []
location: europe-west3
rrdatas:
- 10.0.0.3
primary_backup: []
wrr: []
rrdatas: null
ttl: 300
type: A
module.private-dns.google_dns_record_set.cloud-static-records["A regular"]:
managed_zone: test-example
name: regular.test.example.
project: myproject
routing_policy: []
rrdatas:
- 10.20.0.1
ttl: 300
type: A
module.private-dns.google_dns_record_set.cloud-wrr-records["A wrr"]:
managed_zone: test-example
name: wrr.test.example.
project: myproject
routing_policy:
- enable_geo_fencing: null
geo: []
primary_backup: []
wrr:
- health_checked_targets: []
rrdatas:
- 10.10.0.1
weight: 0.6
- health_checked_targets: []
rrdatas:
- 10.10.0.2
weight: 0.2
- health_checked_targets: []
rrdatas:
- 10.10.0.3
weight: 0.2
rrdatas: null
ttl: 600
type: A
counts:
google_dns_managed_zone: 1
google_dns_record_set: 3


@ -1,27 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/dns"
project_id = "my-project"
name = "test"
domain = "test.example."
client_networks = var.client_networks
type = var.type
forwarders = var.forwarders
peer_network = var.peer_network
recordsets = var.recordsets
}


@ -1,62 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "client_networks" {
type = list(string)
default = [
"https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default"
]
}
variable "forwarders" {
type = map(string)
default = {}
}
variable "peer_network" {
type = string
default = null
}
variable "recordsets" {
type = any
default = {
"A localhost" = { ttl = 300, records = ["127.0.0.1"] }
"A local-host.test.example." = { ttl = 300, records = ["127.0.0.2"] }
"CNAME *" = { ttl = 300, records = ["localhost.example.org."] }
"A " = { ttl = 300, records = ["127.0.0.3"] }
"A geo" = {
geo_routing = [
{ location = "europe-west1", records = ["127.0.0.4"] },
{ location = "europe-west2", records = ["127.0.0.5"] },
{ location = "europe-west3", records = ["127.0.0.6"] }
]
}
"A wrr" = {
ttl = 600
wrr_routing = [
{ weight = 0.6, records = ["127.0.0.7"] },
{ weight = 0.2, records = ["127.0.0.8"] },
{ weight = 0.2, records = ["127.0.0.9"] }
]
}
}
}
variable "type" {
type = string
default = "private"
}


@ -0,0 +1,5 @@
type = "private"
domain = "test.example."
name = "test"
project_id = "my-project"
client_networks = []


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC # Copyright 2023 Google LLC
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -13,18 +13,13 @@
# limitations under the License. # limitations under the License.
values: values:
google_storage_bucket.bucket: google_dns_managed_zone.non-public[0]:
dns_name: test.example.
name: test name: test
private_visibility_config: []
google_storage_bucket_iam_binding.bindings["roles/storage.admin"]: visibility: private
bucket: test
condition: []
members:
- user:a@example.org
role: roles/storage.admin
counts: counts:
google_storage_bucket: 1 google_dns_managed_zone: 1
google_storage_bucket_iam_binding: 1
modules: 0 modules: 0
resources: 2 resources: 1


@ -0,0 +1,4 @@
type = "forwarding"
domain = "test.example."
name = "test"
project_id = "my-project"


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC # Copyright 2023 Google LLC
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -12,6 +12,9 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
region: europe-west4 values:
description: Sample description google_dns_managed_zone.non-public[0]:
ip_cidr_range: 10.129.0.0/24 forwarding_config: []
counts:
google_dns_managed_zone: 1


@ -1,138 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_private(plan_runner):
"Test private zone with three recordsets."
_, resources = plan_runner()
assert len(resources) == 7
assert set(r['type'] for r in resources) == {
'google_dns_record_set', 'google_dns_managed_zone'
}
for r in resources:
if r['type'] != 'google_dns_managed_zone':
continue
assert r['values']['visibility'] == 'private'
assert len(r['values']['private_visibility_config']) == 1
def test_private_recordsets(plan_runner):
"Test recordsets in private zone."
_, resources = plan_runner()
recordsets = [
r['values'] for r in resources if r['type'] == 'google_dns_record_set'
]
assert set(r['name'] for r in recordsets) == {
'localhost.test.example.', 'local-host.test.example.', '*.test.example.',
"test.example.", "geo.test.example.", "wrr.test.example."
}
for r in recordsets:
if r['name'] not in ['wrr.test.example.', 'geo.test.example.']:
assert r['routing_policy'] == []
assert r['rrdatas'] != []
def test_routing_policies(plan_runner):
"Test recordsets with routing policies."
_, resources = plan_runner()
recordsets = [
r['values'] for r in resources if r['type'] == 'google_dns_record_set'
]
geo_zone = [
r['values'] for r in resources if r['address'] ==
'module.test.google_dns_record_set.cloud-geo-records["A geo"]'
][0]
assert geo_zone['name'] == 'geo.test.example.'
assert geo_zone['routing_policy'][0]['wrr'] == []
geo_policy = geo_zone['routing_policy'][0]['geo']
assert geo_policy[0]['location'] == 'europe-west1'
assert geo_policy[0]['rrdatas'] == ['127.0.0.4']
assert geo_policy[1]['location'] == 'europe-west2'
assert geo_policy[1]['rrdatas'] == ['127.0.0.5']
assert geo_policy[2]['location'] == 'europe-west3'
assert geo_policy[2]['rrdatas'] == ['127.0.0.6']
wrr_zone = [
r['values'] for r in resources if r['address'] ==
'module.test.google_dns_record_set.cloud-wrr-records["A wrr"]'
][0]
assert wrr_zone['name'] == 'wrr.test.example.'
wrr_policy = wrr_zone['routing_policy'][0]['wrr']
assert wrr_policy[0]['weight'] == 0.6
assert wrr_policy[0]['rrdatas'] == ['127.0.0.7']
assert wrr_policy[1]['weight'] == 0.2
assert wrr_policy[1]['rrdatas'] == ['127.0.0.8']
assert wrr_policy[2]['weight'] == 0.2
assert wrr_policy[2]['rrdatas'] == ['127.0.0.9']
assert wrr_zone['routing_policy'][0]['geo'] == []
def test_private_no_networks(plan_runner):
"Test private zone not exposed to any network."
_, resources = plan_runner(client_networks='[]')
for r in resources:
if r['type'] != 'google_dns_managed_zone':
continue
assert r['values']['visibility'] == 'private'
assert len(r['values']['private_visibility_config']) == 0
def test_forwarding_recordsets_null_forwarders(plan_runner):
"Test forwarding zone with wrong set of attributes does not break."
_, resources = plan_runner(type='forwarding')
assert len(resources) == 1
resource = resources[0]
assert resource['type'] == 'google_dns_managed_zone'
assert resource['values']['forwarding_config'] == []
def test_forwarding(plan_runner):
"Test forwarding zone with single forwarder."
_, resources = plan_runner(type='forwarding', recordsets='null',
forwarders='{ "1.2.3.4" = null }')
assert len(resources) == 1
resource = resources[0]
assert resource['type'] == 'google_dns_managed_zone'
assert resource['values']['forwarding_config'] == [{
'target_name_servers': [{
'forwarding_path': '',
'ipv4_address': '1.2.3.4'
}]
}]
def test_peering(plan_runner):
"Test peering zone."
_, resources = plan_runner(type='peering', recordsets='null',
peer_network='dummy-vpc-self-link')
assert len(resources) == 1
resource = resources[0]
assert resource['type'] == 'google_dns_managed_zone'
assert resource['values']['peering_config'] == [{
'target_network': [{
'network_url': 'dummy-vpc-self-link'
}]
}]
def test_public(plan_runner):
"Test public zone with two recordsets."
_, resources = plan_runner(type='public')
for r in resources:
if r['type'] != 'google_dns_managed_zone':
continue
assert r['values']['visibility'] == 'public'
assert r['values']['private_visibility_config'] == []


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC # Copyright 2023 Google LLC
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -12,9 +12,8 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
module: modules/gcs module: modules/dns
common_tfvars:
- common.tfvars
tests: tests:
prefix: no_clients:
iam: null_forwarders:
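Review bot: The two cases kept under `tests:`, `no_clients` and `null_forwarders`, exercise only the zone resource, so the record-name handling that the removed `test_private_recordsets` asserted is no longer covered: that test checked the wildcard `CNAME *`, the apex `A ` and the fully-qualified `A local-host.test.example.` keys. The example inventories visible in this commit pin only relative names (`A localhost`, `A myhost`, `A geo`, `A wrr`, `A regular`); other files of the commit are outside this view and may cover the gap. I would add a third case, `recordsets:`, with a tfvars file carrying those three keys and an inventory pinning the resulting `name` values.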


@ -1,13 +0,0 @@
force_destroy = true
labels = { environment = "test" }
logging_config = {
log_bucket = "foo"
}
name = "test"
project_id = "test-project"
retention_policy = {
retention_period = 5
is_locked = false
}
storage_class = "MULTI_REGIONAL"
versioning = true


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC # Copyright 2023 Google LLC
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -12,8 +12,12 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
values:
module.bucket.google_storage_bucket.bucket:
encryption:
- default_kms_key_name: my-encryption-key
name: my-bucket
project: myproject
def test_resource_count(plan_runner): counts:
"Test number of resources created." google_storage_bucket: 1
_, resources = plan_runner()
assert len(resources) == 5


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC # Copyright 2023 Google LLC
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -13,32 +13,26 @@
# limitations under the License. # limitations under the License.
values: values:
google_storage_bucket.bucket: module.bucket.google_storage_bucket.bucket:
force_destroy: true lifecycle_rule:
labels: - action:
environment: test - storage_class: STANDARD
location: EU type: SetStorageClass
logging: condition:
- log_bucket: foo - age: 30
name: foo-test created_before: ''
project: test-project custom_time_before: ''
retention_policy: days_since_custom_time: null
- is_locked: false days_since_noncurrent_time: null
retention_period: 5 matches_prefix: []
storage_class: MULTI_REGIONAL matches_storage_class: []
uniform_bucket_level_access: true matches_suffix: []
versioning: noncurrent_time_before: ''
- enabled: true num_newer_versions: null
name: my-bucket
project: myproject
counts: counts:
google_storage_bucket: 1 google_storage_bucket: 1
modules: 0
resources: 1
outputs: outputs: {}
bucket: __missing__
id: foo-test
name: foo-test
notification: null
topic: null
url: __missing__


@ -0,0 +1,31 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bucket-gcs-notification.google_pubsub_topic.topic[0]: {}
module.bucket-gcs-notification.google_pubsub_topic_iam_binding.binding[0]: {}
module.bucket-gcs-notification.google_storage_bucket.bucket:
name: my-bucket
project: myproject
module.bucket-gcs-notification.google_storage_notification.notification[0]:
bucket: my-bucket
event_types:
- OBJECT_FINALIZE
payload_format: JSON_API_V1
counts:
google_pubsub_topic: 1
google_pubsub_topic_iam_binding: 1
google_storage_bucket: 1
google_storage_notification: 1
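Review bot: The entries `module.bucket-gcs-notification.google_pubsub_topic_iam_binding.binding[0]: {}` and `module.bucket-gcs-notification.google_pubsub_topic.topic[0]: {}` pin only that the resources exist, so a change that grants a broader role or adds members on the topic would still pass. The bucket IAM binding inventory elsewhere in this commit pins `role: roles/storage.admin` and its `members`; doing the same here, e.g. `role: <expected role>` plus a `members:` list with the principal the example passes, keeps the grant under test. If one of the two values is unknown at plan time, pin the one that is known.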


@ -0,0 +1,26 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bucket.google_storage_bucket.bucket:
logging:
- log_bucket: log-bucket
name: my-bucket
project: myproject
retention_policy:
- is_locked: true
retention_period: 100
counts:
google_storage_bucket: 1


@ -0,0 +1,46 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bucket.google_storage_bucket.bucket:
autoclass: []
cors: []
custom_placement_config: []
default_event_based_hold: null
encryption: []
force_destroy: false
labels:
cost-center: devops
lifecycle_rule: []
location: EU
logging: []
name: test-my-bucket
project: myproject
requester_pays: null
retention_policy: []
storage_class: MULTI_REGIONAL
timeouts: null
uniform_bucket_level_access: true
versioning:
- enabled: true
module.bucket.google_storage_bucket_iam_binding.bindings["roles/storage.admin"]:
bucket: test-my-bucket
condition: []
members:
- group:storage@example.com
role: roles/storage.admin
counts:
google_storage_bucket: 1
google_storage_bucket_iam_binding: 1


@ -1,3 +0,0 @@
iam = {
"roles/storage.admin" = ["user:a@example.org"]
}


@ -1 +0,0 @@
prefix = "foo"


@ -0,0 +1,32 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cluster-autopilot.google_container_cluster.cluster:
enable_autopilot: true
ip_allocation_policy:
- cluster_secondary_range_name: pods
services_secondary_range_name: services
location: europe-west1-b
master_authorized_networks_config:
- cidr_blocks:
- cidr_block: 10.0.0.0/8
display_name: internal-vms
name: cluster-autopilot
network: projects/xxx/global/networks/aaa
project: myproject
subnetwork: subnet_self_link
counts:
google_container_cluster: 1


@ -0,0 +1,42 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cluster-1.google_container_cluster.cluster:
default_max_pods_per_node: 32
ip_allocation_policy:
- cluster_secondary_range_name: pods
services_secondary_range_name: services
location: europe-west1-b
master_authorized_networks_config:
- cidr_blocks:
- cidr_block: 10.0.0.0/8
display_name: internal-vms
name: cluster-1
network: projects/xxx/global/networks/aaa
private_cluster_config:
- enable_private_endpoint: true
enable_private_nodes: true
master_global_access_config:
- enabled: false
master_ipv4_cidr_block: 192.168.0.0/28
private_endpoint_subnetwork: null
project: myproject
remove_default_node_pool: true
resource_labels:
environment: dev
subnetwork: subnet_self_link
counts:
google_container_cluster: 1


@ -0,0 +1,45 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cluster-1.google_container_cluster.cluster:
datapath_provider: ADVANCED_DATAPATH
ip_allocation_policy:
- cluster_secondary_range_name: pods
services_secondary_range_name: services
location: europe-west1-b
master_authorized_networks_config:
- cidr_blocks:
- cidr_block: 10.0.0.0/8
display_name: internal-vms
min_master_version: null
name: cluster-dataplane-v2
network: projects/xxx/global/networks/aaa
private_cluster_config:
- enable_private_endpoint: true
enable_private_nodes: true
master_global_access_config:
- enabled: false
master_ipv4_cidr_block: 192.168.0.0/28
private_endpoint_subnetwork: null
project: myproject
remove_default_node_pool: true
resource_labels:
environment: dev
subnetwork: subnet_self_link
workload_identity_config:
- workload_pool: myproject.svc.id.goog
counts:
google_container_cluster: 1


@ -1,29 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/gke-cluster"
project_id = "my-project"
name = "cluster-1"
location = "europe-west1-b"
vpc_config = {
network = "mynetwork"
subnetwork = "mysubnet"
}
enable_addons = var.enable_addons
enable_features = var.enable_features
tags = var.tags
}


@ -1,43 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "enable_addons" {
type = any
default = {
horizontal_pod_autoscaling = true
http_load_balancing = true
}
}
variable "enable_features" {
type = any
default = {
workload_identity = true
}
}
variable "monitoring_config" {
type = any
default = {
managed_prometheus = true
}
}
variable "tags" {
description = "Network tags applied to nodes."
type = list(string)
default = null
}


@ -1,38 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_standard(plan_runner):
"Test resources created with variable defaults."
_, resources = plan_runner()
assert len(resources) == 1
cluster_config = resources[0]['values']
assert cluster_config['name'] == "cluster-1"
assert cluster_config['network'] == "mynetwork"
assert cluster_config['subnetwork'] == "mysubnet"
assert cluster_config['enable_autopilot'] is None
# assert 'service_account' not in node_config
def test_autopilot(plan_runner):
"Test resources created with variable defaults."
_, resources = plan_runner(enable_features='{ autopilot=true }')
assert len(resources) == 1
cluster_config = resources[0]['values']
assert cluster_config['name'] == "cluster-1"
assert cluster_config['network'] == "mynetwork"
assert cluster_config['subnetwork'] == "mysubnet"
assert cluster_config['enable_autopilot'] == True
# assert 'service_account' not in node_config


@ -0,0 +1,23 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cluster-1-nodepool-1.google_container_node_pool.nodepool:
cluster: cluster-1
location: europe-west1-b
name: nodepool-1
project: myproject
counts:
google_container_node_pool: 1


@ -0,0 +1,60 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cluster-1-nodepool-1.google_container_node_pool.nodepool:
autoscaling:
- location_policy: null
max_node_count: 10
min_node_count: 1
total_max_node_count: null
total_min_node_count: null
cluster: cluster-1
initial_node_count: 1
location: europe-west1-b
management:
- auto_repair: true
auto_upgrade: false
name: nodepool-1
node_config:
- boot_disk_kms_key: null
disk_size_gb: 50
disk_type: pd-ssd
ephemeral_storage_config:
- local_ssd_count: 1
gcfs_config: []
gvnic: []
kubelet_config: []
labels:
environment: dev
linux_node_config: []
logging_variant: DEFAULT
machine_type: n2-standard-2
node_group: null
oauth_scopes:
- https://www.googleapis.com/auth/cloud-platform
preemptible: false
reservation_affinity: []
resource_labels: null
sandbox_config: []
spot: true
tags: null
taint: []
placement_policy: []
project: myproject
module.cluster-1-nodepool-1.google_service_account.service_account[0]: {}
counts:
google_container_node_pool: 1
google_service_account: 1
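Review bot: `auto_upgrade: false` under `management` is recorded as the expected value with nothing marking it as deliberate. With node auto-upgrade off the pool does not pick up patched node versions on its own, so if the example behind this inventory turns it off on purpose, a comment above the key such as `# auto_upgrade is off in the example on purpose` would keep it from reading as a recommended setting. In the same file `google_service_account.service_account[0]: {}` appears to assert nothing about the account, while the following inventory in this commit pins `account_id` and `disabled: false` for the same resource; pinning `disabled: false` here too would keep the two consistent.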


@ -0,0 +1,52 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cluster-1-nodepool-1.google_container_node_pool.nodepool:
cluster: cluster-1
location: europe-west1-b
name: nodepool-1
node_config:
- boot_disk_kms_key: null
disk_type: pd-balanced
ephemeral_storage_config: []
gcfs_config: []
gvnic: []
kubelet_config: []
linux_node_config: []
logging_variant: DEFAULT
node_group: null
oauth_scopes:
- https://www.googleapis.com/auth/cloud-platform
preemptible: false
reservation_affinity: []
resource_labels: null
sandbox_config: []
spot: false
tags: null
taint: []
placement_policy: []
project: myproject
timeouts: null
module.cluster-1-nodepool-1.google_service_account.service_account[0]:
account_id: spam-eggs
description: null
disabled: false
display_name: Terraform GKE cluster-1 nodepool-1.
project: myproject
timeouts: null
counts:
google_container_node_pool: 1
google_service_account: 1


@ -0,0 +1,43 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cluster-1-nodepool-1.google_container_node_pool.nodepool:
cluster: cluster-1
location: europe-west1-b
name: nodepool-1
node_config:
- boot_disk_kms_key: null
disk_type: pd-balanced
ephemeral_storage_config: []
gcfs_config: []
gvnic: []
kubelet_config: []
linux_node_config: []
logging_variant: DEFAULT
node_group: null
oauth_scopes:
- https://www.googleapis.com/auth/cloud-platform
preemptible: false
reservation_affinity: []
resource_labels: null
sandbox_config: []
service_account: foo-bar@myproject.iam.gserviceaccount.com
spot: false
tags: null
taint: []
project: myproject
counts:
google_container_node_pool: 1


@ -1,45 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
resource "google_service_account" "test" {
project = "my-project"
account_id = "gke-nodepool-test"
display_name = "Test Service Account"
}
module "test" {
source = "../../../../modules/gke-nodepool"
project_id = "my-project"
cluster_name = "cluster-1"
location = "europe-west1-b"
name = "nodepool-1"
gke_version = var.gke_version
labels = var.labels
max_pods_per_node = var.max_pods_per_node
node_config = var.node_config
node_count = var.node_count
node_locations = var.node_locations
nodepool_config = var.nodepool_config
pod_range = var.pod_range
reservation_affinity = var.reservation_affinity
service_account = {
create = var.service_account_create
email = google_service_account.test.email
}
sole_tenant_nodegroup = var.sole_tenant_nodegroup
tags = var.tags
taints = var.taints
}


@ -1,86 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "gke_version" {
type = string
default = null
}
variable "labels" {
type = map(string)
default = {}
nullable = false
}
variable "max_pods_per_node" {
type = number
default = null
}
variable "node_config" {
type = any
default = {
disk_type = "pd-balanced"
}
}
variable "node_count" {
type = any
default = {
initial = 1
}
nullable = false
}
variable "node_locations" {
type = list(string)
default = null
}
variable "nodepool_config" {
type = any
default = null
}
variable "pod_range" {
type = any
default = null
}
variable "reservation_affinity" {
type = any
default = null
}
variable "service_account_create" {
type = bool
default = false
}
variable "sole_tenant_nodegroup" {
type = string
default = null
}
variable "tags" {
type = list(string)
default = null
}
variable "taints" {
type = any
default = null
}


@ -1,67 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_defaults(plan_runner):
"Test resources created with variable defaults."
_, resources = plan_runner()
assert len(resources) == 1
assert resources[0]['values']['autoscaling'] == []
def test_service_account(plan_runner):
_, resources = plan_runner()
assert len(resources) == 1
_, resources = plan_runner(service_account_create='true')
assert len(resources) == 2
assert 'google_service_account' in [r['type'] for r in resources]
def test_nodepool_config(plan_runner):
nodepool_config = '''{
autoscaling = { use_total_nodes = true, max_node_count = 3}
management = {}
upgrade_settings = { max_surge = 3, max_unavailable = 3 }
}'''
_, resources = plan_runner(nodepool_config=nodepool_config)
assert resources[0]['values']['autoscaling'] == [{
'location_policy': None,
'max_node_count': None,
'min_node_count': None,
'total_max_node_count': 3,
'total_min_node_count': None
}]
nodepool_config = '{ autoscaling = { max_node_count = 3} }'
_, resources = plan_runner(nodepool_config=nodepool_config)
assert resources[0]['values']['autoscaling'] == [{
'location_policy': None,
'max_node_count': 3,
'min_node_count': None,
'total_max_node_count': None,
'total_min_node_count': None
}]
def test_node_config(plan_runner):
node_config = '''{
gcfs = true
metadata = { foo = "bar" }
}'''
_, resources = plan_runner(node_config=node_config)
values = resources[0]['values']['node_config'][0]
assert values['gcfs_config'] == [{'enabled': True}]
assert values['metadata'] == {
'disable-legacy-endpoints': 'true',
'foo': 'bar'
}


@ -0,0 +1,42 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: {}
module.vpc.google_dns_policy.default[0]:
alternative_name_server_config:
- target_name_servers:
- forwarding_path: ''
ipv4_address: '8.8.8.8'
- forwarding_path: private
ipv4_address: '10.0.0.1'
description: Managed by Terraform
enable_inbound_forwarding: true
enable_logging: null
name: my-network
networks:
- {}
project: my-project
counts:
google_compute_network: 1
google_compute_subnetwork: 1
google_dns_policy: 1
modules: 1
resources: 3
outputs: {}
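Review bot: The expected DNS policy has `enable_inbound_forwarding: true` together with `enable_logging: null`, so the example this inventory backs enables an inbound forwarding entry point while leaving query logging unset. If that is intended it is worth saying so in the example; otherwise enabling logging there and expecting `enable_logging: true` here would give responders DNS query records for that path. `networks: - {}` also checks nothing about which network the policy is attached to, presumably because the network URL is only known after apply.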


@ -0,0 +1,50 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
routing_mode: GLOBAL
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-detailed"]:
description: Sample description
ip_cidr_range: 10.0.0.0/24
log_config:
- aggregation_interval: INTERVAL_5_SEC
filter_expr: 'true'
flow_sampling: 0.5
metadata: INCLUDE_ALL_METADATA
metadata_fields: null
name: subnet-detailed
private_ip_google_access: false
project: my-project
region: europe-west1
role: null
secondary_ip_range:
- ip_cidr_range: 192.168.0.0/24
range_name: secondary-range-a
module.vpc.google_compute_subnetwork.subnetwork["europe-west4/subnet-simple"]:
description: Terraform-managed.
ip_cidr_range: 10.0.1.0/24
log_config: []
name: subnet-simple
private_ip_google_access: true
project: my-project
region: europe-west4
role: null
secondary_ip_range: []
counts:
google_compute_network: 1
google_compute_subnetwork: 2


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC # Copyright 2023 Google LLC
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -13,35 +13,22 @@
# limitations under the License. # limitations under the License.
values: values:
google_compute_network.network[0]: module.vpc-hub.google_compute_network.network[0]: {}
auto_create_subnetworks: false module.vpc-spoke-1.google_compute_network.network[0]: {}
delete_default_routes_on_create: false module.vpc-hub.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]: {}
description: Terraform-managed. module.vpc-spoke-1.google_compute_subnetwork.subnetwork["europe-west1/subnet-2"]: {}
name: test module.vpc-spoke-1.google_compute_network_peering.local[0]:
project: test-project
routing_mode: GLOBAL
google_compute_network_peering.local[0]:
export_custom_routes: true
import_custom_routes: false
name: test-peer
peer_network: projects/my-project/global/networks/peer
google_compute_network_peering.remote[0]:
export_custom_routes: false export_custom_routes: false
export_subnet_routes_with_public_ip: true
import_custom_routes: true import_custom_routes: true
name: peer-test import_subnet_routes_with_public_ip: null
network: projects/my-project/global/networks/peer module.vpc-spoke-1.google_compute_network_peering.remote[0]:
export_custom_routes: true
export_subnet_routes_with_public_ip: true
import_custom_routes: false
import_subnet_routes_with_public_ip: null
counts: counts:
google_compute_network: 1 google_compute_network: 2
google_compute_network_peering: 2 google_compute_network_peering: 2
google_compute_subnetwork: 2
outputs:
bindings: {}
project_id: test-project
subnet_ips: {}
subnet_regions: {}
subnet_secondary_ranges: {}
subnet_self_links: {}
subnets: {}
subnets_proxy_only: {}
subnets_psc: {}
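Review bot: The new expectations for `google_compute_network_peering.local[0]` and `.remote[0]` appear to keep only the route import/export flags, while the old side pinned `name: test-peer` and `peer_network: projects/my-project/global/networks/peer` (sides are read from the side-by-side rendering, so this is hedged). With both networks now expected as `{}` as well, this inventory would still pass if a peering were attached to the wrong network. `peer_network` is probably computed now that the hub network is created in the same plan, but if the peering `name` is known at plan time, keeping a `name:` key under each peering would retain some identity check.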


@ -0,0 +1,40 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
module.vpc.google_compute_subnetwork.proxy_only["europe-west1/regional-proxy"]:
description: Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB.
ip_cidr_range: 10.0.1.0/24
log_config: []
name: regional-proxy
project: my-project
purpose: REGIONAL_MANAGED_PROXY
region: europe-west1
role: ACTIVE
module.vpc.google_compute_subnetwork.psc["europe-west1/psc"]:
description: Terraform-managed subnet for Private Service Connect (PSC NAT).
ip_cidr_range: 10.0.3.0/24
log_config: []
name: psc
project: my-project
purpose: PRIVATE_SERVICE_CONNECT
region: europe-west1
role: null
counts:
google_compute_network: 1
google_compute_subnetwork: 2


@ -0,0 +1,47 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc.google_compute_global_address.psa_ranges["myrange"]:
address: 10.0.1.0
address_type: INTERNAL
description: null
ip_version: null
name: myrange
prefix_length: 24
project: my-project
purpose: VPC_PEERING
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
routing_mode: GLOBAL
module.vpc.google_compute_network_peering_routes_config.psa_routes["1"]:
export_custom_routes: true
import_custom_routes: true
project: my-project
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
ip_cidr_range: 10.0.0.0/24
name: production
project: my-project
module.vpc.google_service_networking_connection.psa_connection["1"]:
reserved_peering_ranges:
- myrange
service: servicenetworking.googleapis.com
counts:
google_compute_global_address: 1
google_compute_network: 1
google_compute_network_peering_routes_config: 1
google_compute_subnetwork: 1
google_service_networking_connection: 1


@ -0,0 +1,46 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc.google_compute_global_address.psa_ranges["myrange"]:
address: 10.0.1.0
address_type: INTERNAL
name: myrange
prefix_length: 24
project: my-project
purpose: VPC_PEERING
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
module.vpc.google_compute_network_peering_routes_config.psa_routes["1"]:
export_custom_routes: false
import_custom_routes: false
project: my-project
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
ip_cidr_range: 10.0.0.0/24
name: production
project: my-project
module.vpc.google_service_networking_connection.psa_connection["1"]:
reserved_peering_ranges:
- myrange
service: servicenetworking.googleapis.com
counts:
google_compute_global_address: 1
google_compute_network: 1
google_compute_network_peering_routes_config: 1
google_compute_subnetwork: 1
google_service_networking_connection: 1
outputs: {}


@ -0,0 +1,146 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc["gateway"].google_compute_network.network[0]:
name: my-network-with-route-gateway
project: my-project
routing_mode: GLOBAL
module.vpc["gateway"].google_compute_route.gateway["gateway"]:
dest_range: 0.0.0.0/0
name: my-network-with-route-gateway-gateway
next_hop_gateway: global/gateways/default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
tags:
- tag-a
module.vpc["gateway"].google_compute_route.gateway["next-hop"]:
dest_range: 192.168.128.0/24
name: my-network-with-route-gateway-next-hop
next_hop_gateway: global/gateways/default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
tags: null
module.vpc["ilb"].google_compute_network.network[0]:
name: my-network-with-route-ilb
project: my-project
routing_mode: GLOBAL
module.vpc["ilb"].google_compute_route.gateway["gateway"]:
dest_range: 0.0.0.0/0
name: my-network-with-route-ilb-gateway
next_hop_gateway: global/gateways/default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
tags:
- tag-a
module.vpc["ilb"].google_compute_route.ilb["next-hop"]:
dest_range: 192.168.128.0/24
name: my-network-with-route-ilb-next-hop
next_hop_gateway: null
next_hop_ilb: regions/europe-west1/forwardingRules/test
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
tags: null
module.vpc["instance"].google_compute_network.network[0]:
name: my-network-with-route-instance
project: my-project
routing_mode: GLOBAL
module.vpc["instance"].google_compute_route.gateway["gateway"]:
dest_range: 0.0.0.0/0
name: my-network-with-route-instance-gateway
next_hop_gateway: global/gateways/default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
tags:
- tag-a
module.vpc["instance"].google_compute_route.instance["next-hop"]:
dest_range: 192.168.128.0/24
name: my-network-with-route-instance-next-hop
next_hop_gateway: null
next_hop_ilb: null
next_hop_instance: zones/europe-west1-b/test
next_hop_instance_zone: europe-west1-b
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
tags: null
module.vpc["ip"].google_compute_network.network[0]:
name: my-network-with-route-ip
project: my-project
routing_mode: GLOBAL
module.vpc["ip"].google_compute_route.gateway["gateway"]:
dest_range: 0.0.0.0/0
name: my-network-with-route-ip-gateway
next_hop_gateway: global/gateways/default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
tags:
- tag-a
module.vpc["ip"].google_compute_route.ip["next-hop"]:
dest_range: 192.168.128.0/24
name: my-network-with-route-ip-next-hop
next_hop_gateway: null
next_hop_ilb: null
next_hop_instance: null
next_hop_ip: 192.168.0.128
next_hop_vpn_tunnel: null
priority: 1000
project: my-project
tags: null
module.vpc["vpn_tunnel"].google_compute_network.network[0]:
name: my-network-with-route-vpn-tunnel
project: my-project
routing_mode: GLOBAL
module.vpc["vpn_tunnel"].google_compute_route.gateway["gateway"]:
dest_range: 0.0.0.0/0
name: my-network-with-route-vpn-tunnel-gateway
next_hop_gateway: global/gateways/default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
priority: 100
project: my-project
tags:
- tag-a
module.vpc["vpn_tunnel"].google_compute_route.vpn_tunnel["next-hop"]:
dest_range: 192.168.128.0/24
name: my-network-with-route-vpn-tunnel-next-hop
next_hop_gateway: null
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: regions/europe-west1/vpnTunnels/foo
priority: 1000
project: my-project
tags: null
counts:
google_compute_network: 5
google_compute_route: 10


@ -0,0 +1,51 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc-host.google_compute_network.network[0]:
name: my-host-network
project: my-project
module.vpc-host.google_compute_shared_vpc_host_project.shared_vpc_host[0]:
project: my-project
module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project1"]:
host_project: my-project
service_project: project1
module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project2"]:
host_project: my-project
service_project: project2
module.vpc-host.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]: {}
module.vpc-host.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-1.roles/compute.networkUser"]:
condition: []
members:
- serviceAccount:cloudsvc
- serviceAccount:gke
project: my-project
region: europe-west1
role: roles/compute.networkUser
subnetwork: subnet-1
module.vpc-host.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-1.roles/compute.securityAdmin"]:
condition: []
members:
- serviceAccount:gke
project: my-project
region: europe-west1
role: roles/compute.securityAdmin
subnetwork: subnet-1
counts:
google_compute_network: 1
google_compute_shared_vpc_host_project: 1
google_compute_shared_vpc_service_project: 2
google_compute_subnetwork: 1
google_compute_subnetwork_iam_binding: 2


@ -0,0 +1,50 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc.google_compute_network.network[0]:
auto_create_subnetworks: false
delete_default_routes_on_create: false
description: Terraform-managed.
name: my-network
project: my-project
routing_mode: GLOBAL
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
description: Terraform-managed.
ip_cidr_range: 10.0.0.0/24
log_config: []
name: production
private_ip_google_access: true
project: my-project
region: europe-west1
role: null
secondary_ip_range:
- ip_cidr_range: 172.16.0.0/20
range_name: pods
- ip_cidr_range: 192.168.0.0/24
range_name: services
module.vpc.google_compute_subnetwork.subnetwork["europe-west2/production"]:
description: Terraform-managed.
ip_cidr_range: 10.0.16.0/24
log_config: []
name: production
private_ip_google_access: true
project: my-project
region: europe-west2
role: null
secondary_ip_range: []
counts:
google_compute_network: 1
google_compute_subnetwork: 2


@ -0,0 +1,54 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]:
name: subnet-1
project: my-project
region: europe-west1
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-2"]:
name: subnet-2
private_ip_google_access: true
project: my-project
region: europe-west1
module.vpc.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-1.roles/compute.networkUser"]:
condition: []
members:
- group:group1@example.com
- user:user1@example.com
project: my-project
region: europe-west1
role: roles/compute.networkUser
subnetwork: subnet-1
module.vpc.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-2.roles/compute.networkUser"]:
condition: []
members:
- group:group2@example.com
- user:user2@example.com
project: my-project
region: europe-west1
role: roles/compute.networkUser
subnetwork: subnet-2
counts:
google_compute_network: 1
google_compute_subnetwork: 2
google_compute_subnetwork_iam_binding: 2
modules: 1
resources: 5
outputs: {}


@ -0,0 +1,70 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.vpc.google_compute_network.network[0]:
name: my-network
project: my-project
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/no-pga"]:
description: Subnet b
ip_cidr_range: 10.0.1.0/24
log_config: []
name: no-pga
private_ip_google_access: false
project: my-project
region: europe-west1
secondary_ip_range: []
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/simple"]:
description: Terraform-managed.
ip_cidr_range: 10.0.0.0/24
log_config: []
name: simple
private_ip_google_access: true
project: my-project
region: europe-west1
secondary_ip_range: []
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/with-flow-logs"]:
description: Terraform-managed.
ip_cidr_range: 10.0.3.0/24
ipv6_access_type: null
log_config:
- aggregation_interval: INTERVAL_10_MIN
filter_expr: 'true'
flow_sampling: 0.5
metadata: INCLUDE_ALL_METADATA
metadata_fields: null
name: with-flow-logs
private_ip_google_access: true
project: my-project
region: europe-west1
role: null
secondary_ip_range: []
module.vpc.google_compute_subnetwork.subnetwork["europe-west1/with-secondary-ranges"]:
description: Terraform-managed.
ip_cidr_range: 10.0.2.0/24
log_config: []
name: with-secondary-ranges
private_ip_google_access: true
project: my-project
region: europe-west1
role: null
secondary_ip_range:
- ip_cidr_range: 192.168.0.0/24
range_name: a
- ip_cidr_range: 192.168.1.0/24
range_name: b
counts:
google_compute_network: 1
google_compute_subnetwork: 4


@ -1 +0,0 @@
data_folder = "../../tests/modules/net_vpc/data"


@ -1,44 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_subnetwork.subnetwork["europe-west1/factory-subnet"]:
description: 'Sample description'
ip_cidr_range: '10.128.0.0/24'
ipv6_access_type: null
log_config: []
name: 'factory-subnet'
private_ip_google_access: false
project: 'test-project'
region: 'europe-west1'
role: null
secondary_ip_range:
- ip_cidr_range: '192.168.128.0/24'
range_name: 'secondary-range-a'
google_compute_subnetwork.subnetwork["europe-west4/factory-subnet2"]:
description: 'Sample description'
ip_cidr_range: '10.129.0.0/24'
log_config: []
name: 'factory-subnet2'
private_ip_google_access: true
project: 'test-project'
region: 'europe-west4'
role: null
secondary_ip_range: []
# FIXME: should we have some bindings here?
counts:
google_compute_network: 1
google_compute_subnetwork: 2


@ -1,30 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/net-vpc"
project_id = "test-project"
name = "test"
peering_config = var.peering_config
routes = var.routes
shared_vpc_host = var.shared_vpc_host
shared_vpc_service_projects = var.shared_vpc_service_projects
subnet_iam = var.subnet_iam
subnets = var.subnets
auto_create_subnetworks = var.auto_create_subnetworks
psa_config = var.psa_config
data_folder = var.data_folder
}


@ -1,44 +0,0 @@
subnet_iam = {
"europe-west1/a" = {
"roles/compute.networkUser" = [
"user:a@example.com", "group:g-a@example.com"
]
}
"europe-west1/c" = {
"roles/compute.networkUser" = [
"user:c@example.com", "group:g-c@example.com"
]
}
}
subnets = [
{
name = "a"
region = "europe-west1"
ip_cidr_range = "10.0.0.0/24"
},
{
name = "b"
region = "europe-west1"
ip_cidr_range = "10.0.1.0/24",
description = "Subnet b"
enable_private_access = false
},
{
name = "c"
region = "europe-west1"
ip_cidr_range = "10.0.2.0/24"
secondary_ip_ranges = {
a = "192.168.0.0/24"
b = "192.168.1.0/24"
}
},
{
name = "d"
region = "europe-west1"
ip_cidr_range = "10.0.3.0/24"
flow_logs_config = {
flow_sampling = 0.5
aggregation_interval = "INTERVAL_10_MIN"
}
}
]


@ -1,101 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "auto_create_subnetworks" {
type = bool
default = false
}
variable "data_folder" {
type = string
default = null
}
variable "delete_default_routes_on_create" {
type = bool
default = false
}
variable "description" {
type = string
default = "Terraform-managed."
}
variable "dns_policy" {
type = any
default = null
}
variable "mtu" {
type = number
default = null
}
variable "peering_config" {
type = any
default = null
}
variable "psa_config" {
type = any
default = null
}
variable "routes" {
type = any
default = {}
nullable = false
}
variable "routing_mode" {
type = string
default = "GLOBAL"
}
variable "shared_vpc_host" {
type = bool
default = false
}
variable "shared_vpc_service_projects" {
type = list(string)
default = []
}
variable "subnets" {
type = any
default = []
}
variable "subnet_iam" {
type = map(map(list(string)))
default = {}
}
variable "subnets_proxy_only" {
type = any
default = []
}
variable "subnets_psc" {
type = any
default = []
}
variable "vpc_create" {
type = bool
default = true
}


@ -1,5 +0,0 @@
peering_config = {
peer_vpc_self_link = "projects/my-project/global/networks/peer"
export_routes = true
import_routes = null
}


@ -1,7 +0,0 @@
psa_config = {
ranges = {
bar = "172.16.100.0/24"
foo = "172.16.101.0/24"
}
routes = null
}


@ -1,70 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_global_address.psa_ranges["bar"]:
address: 172.16.100.0
address_type: INTERNAL
description: null
ip_version: null
name: bar
prefix_length: 24
project: test-project
purpose: VPC_PEERING
google_compute_global_address.psa_ranges["foo"]:
address: 172.16.101.0
address_type: INTERNAL
description: null
ip_version: null
name: foo
prefix_length: 24
project: test-project
purpose: VPC_PEERING
google_compute_network.network[0]:
auto_create_subnetworks: false
delete_default_routes_on_create: false
description: Terraform-managed.
enable_ula_internal_ipv6: null
name: test
project: test-project
routing_mode: GLOBAL
google_compute_network_peering_routes_config.psa_routes["1"]:
export_custom_routes: false
import_custom_routes: false
project: test-project
google_service_networking_connection.psa_connection["1"]:
reserved_peering_ranges:
- bar
- foo
service: servicenetworking.googleapis.com
counts:
google_compute_global_address: 2
google_compute_network: 1
google_compute_network_peering_routes_config: 1
google_service_networking_connection: 1
outputs:
bindings: {}
name: __missing__
network: __missing__
project_id: test-project
self_link: __missing__
subnet_ips: {}
subnet_regions: {}
subnet_secondary_ranges: {}
subnet_self_links: {}
subnets: {}
subnets_proxy_only: {}
subnets_psc: {}


@ -1 +0,0 @@
# skip boilerplate check


@ -1,44 +0,0 @@
subnet_iam = {
"europe-west1/a" = {
"roles/compute.networkUser" = [
"user:a@example.com", "group:g-a@example.com"
]
}
"europe-west1/c" = {
"roles/compute.networkUser" = [
"user:c@example.com", "group:g-c@example.com"
]
}
}
subnets = [
{
name = "a"
region = "europe-west1"
ip_cidr_range = "10.0.0.0/24"
},
{
name = "b"
region = "europe-west1"
ip_cidr_range = "10.0.1.0/24",
description = "Subnet b"
enable_private_access = false
},
{
name = "c"
region = "europe-west1"
ip_cidr_range = "10.0.2.0/24"
secondary_ip_ranges = {
a = "192.168.0.0/24"
b = "192.168.1.0/24"
}
},
{
name = "d"
region = "europe-west1"
ip_cidr_range = "10.0.3.0/24"
flow_logs_config = {
flow_sampling = 0.5
aggregation_interval = "INTERVAL_10_MIN"
}
}
]


@ -1,120 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_network.network[0]:
auto_create_subnetworks: false
delete_default_routes_on_create: false
description: Terraform-managed.
name: test
project: test-project
routing_mode: GLOBAL
google_compute_subnetwork.subnetwork["europe-west1/a"]:
description: Terraform-managed.
ip_cidr_range: 10.0.0.0/24
log_config: []
name: a
private_ip_google_access: true
project: test-project
region: europe-west1
role: null
secondary_ip_range: []
google_compute_subnetwork.subnetwork["europe-west1/b"]:
description: Subnet b
ip_cidr_range: 10.0.1.0/24
log_config: []
name: b
private_ip_google_access: false
project: test-project
region: europe-west1
role: null
secondary_ip_range: []
google_compute_subnetwork.subnetwork["europe-west1/c"]:
description: Terraform-managed.
ip_cidr_range: 10.0.2.0/24
ipv6_access_type: null
log_config: []
name: c
private_ip_google_access: true
project: test-project
region: europe-west1
role: null
secondary_ip_range:
- ip_cidr_range: 192.168.0.0/24
range_name: a
- ip_cidr_range: 192.168.1.0/24
range_name: b
google_compute_subnetwork.subnetwork["europe-west1/d"]:
description: Terraform-managed.
ip_cidr_range: 10.0.3.0/24
log_config:
- aggregation_interval: INTERVAL_10_MIN
filter_expr: 'true'
flow_sampling: 0.5
metadata: INCLUDE_ALL_METADATA
metadata_fields: null
name: d
private_ip_google_access: true
project: test-project
region: europe-west1
role: null
secondary_ip_range: []
google_compute_subnetwork_iam_binding.binding["europe-west1/a.roles/compute.networkUser"]:
condition: []
members:
- group:g-a@example.com
- user:a@example.com
project: test-project
region: europe-west1
role: roles/compute.networkUser
subnetwork: a
google_compute_subnetwork_iam_binding.binding["europe-west1/c.roles/compute.networkUser"]:
condition: []
members:
- group:g-c@example.com
- user:c@example.com
project: test-project
region: europe-west1
role: roles/compute.networkUser
subnetwork: c
counts:
google_compute_network: 1
google_compute_subnetwork: 4
google_compute_subnetwork_iam_binding: 2
outputs:
bindings: __missing__
project_id: test-project
subnet_ips:
europe-west1/a: 10.0.0.0/24
europe-west1/b: 10.0.1.0/24
europe-west1/c: 10.0.2.0/24
europe-west1/d: 10.0.3.0/24
subnet_regions:
europe-west1/a: europe-west1
europe-west1/b: europe-west1
europe-west1/c: europe-west1
europe-west1/d: europe-west1
subnet_secondary_ranges:
europe-west1/a: {}
europe-west1/b: {}
europe-west1/c:
a: 192.168.0.0/24
b: 192.168.1.0/24
europe-west1/d: {}
subnet_self_links: __missing__
subnets: __missing__
subnets_proxy_only: {}
subnets_psc: {}


@ -1,47 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import pytest
_route_parameters = [('gateway', 'global/gateways/default-internet-gateway'),
('instance', 'zones/europe-west1-b/test'),
('ip', '192.168.0.128'),
('ilb', 'regions/europe-west1/forwardingRules/test'),
('vpn_tunnel', 'regions/europe-west1/vpnTunnels/foo')]
@pytest.mark.parametrize('next_hop_type,next_hop', _route_parameters)
def test_vpc_routes(plan_summary, next_hop_type, next_hop):
'Test vpc routes.'
var_routes = '''{
next-hop = {
dest_range = "192.168.128.0/24"
tags = null
next_hop_type = "%s"
next_hop = "%s"
}
gateway = {
dest_range = "0.0.0.0/0",
priority = 100
tags = ["tag-a"]
next_hop_type = "gateway",
next_hop = "global/gateways/default-internet-gateway"
}
}''' % (next_hop_type, next_hop)
summary = plan_summary('modules/net-vpc', tf_var_files=['common.tfvars'],
routes=var_routes)
assert len(summary.values) == 3
route = summary.values[f'google_compute_route.{next_hop_type}["next-hop"]']
assert route[f'next_hop_{next_hop_type}'] == next_hop


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC # Copyright 2023 Google LLC
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -17,12 +17,7 @@ common_tfvars:
- common.tfvars - common.tfvars
tests: tests:
simple:
subnets:
peering:
shared_vpc: shared_vpc:
factory:
psa_simple:
psa_routes_export: psa_routes_export:
psa_routes_import: psa_routes_import:
psa_routes_import_export: psa_routes_import_export:


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC # Copyright 2023 Google LLC
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.


@ -1,6 +1,6 @@
pytest>=6.2.5 pytest>=7.2.1
PyYAML>=6.0 PyYAML>=6.0
tftest>=1.8.1 tftest>=1.8.1
marko>=1.2.0 marko>=1.2.2
deepdiff>=5.7.0 deepdiff>=6.2.3
python-hcl2>=3.0.5 python-hcl2>=4.3.0


@ -1,6 +1,6 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# Copyright 2022 Google LLC # Copyright 2023 Google LLC
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -16,6 +16,7 @@
import click import click
import sys import sys
import tempfile
import yaml import yaml
from pathlib import Path from pathlib import Path
@ -27,17 +28,32 @@ import fixtures
@click.command() @click.command()
@click.option('--example', default=False, is_flag=True)
@click.argument('module', type=click.Path(), nargs=1) @click.argument('module', type=click.Path(), nargs=1)
@click.argument('tfvars', type=click.Path(exists=True), nargs=-1) @click.argument('tfvars', type=click.Path(exists=True), nargs=-1)
def main(module, tfvars): def main(example, module, tfvars):
module = BASEDIR / module try:
summary = fixtures.plan_summary(module, Path(), tfvars) if example:
print(yaml.dump({'values': summary.values})) tmp_dir = tempfile.TemporaryDirectory()
print(yaml.dump({'counts': summary.counts})) tmp_path = Path(tmp_dir.name)
outputs = { common_vars = BASEDIR / 'tests' / 'examples' / 'variables.tf'
k: v.get('value', '__missing__') for k, v in summary.outputs.items() (tmp_path / 'main.tf').symlink_to(module)
} (tmp_path / 'variables.tf').symlink_to(common_vars)
print(yaml.dump({'outputs': outputs})) (tmp_path / 'fabric').symlink_to(BASEDIR)
module = tmp_path
else:
module = BASEDIR / module
summary = fixtures.plan_summary(module, Path(), tfvars)
print(yaml.dump({'values': summary.values}))
print(yaml.dump({'counts': summary.counts}))
outputs = {
k: v.get('value', '__missing__') for k, v in summary.outputs.items()
}
print(yaml.dump({'outputs': outputs}))
finally:
if example:
tmp_dir.cleanup()
if __name__ == '__main__': if __name__ == '__main__':
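Review bot: In the new `--example` branch of `main`, `(tmp_path / 'main.tf').symlink_to(module)` stores `module` exactly as typed, and a relative symlink target is resolved against the link's own directory (the temporary directory), not the caller's working directory, so a relative example path leaves a dangling `main.tf`. Resolving first avoids this: `(tmp_path / 'main.tf').symlink_to(Path(module).resolve())`. Separately, `tempfile.TemporaryDirectory()` is created inside the `try`, so if it raises, the `finally` clause hits an unbound `tmp_dir` and the resulting error hides the original one; creating the directory before `try`, or managing it with `contextlib.ExitStack`, removes that path. `module` is declared as `click.Path()` without `exists=True`, so a mistyped example file is presumably only reported later by the plan step rather than at argument parsing.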