Merge branch 'master' into lcaggio/vertex-01

This commit is contained in:
Julio Castillo 2023-04-24 20:33:03 +02:00 committed by GitHub
commit 8e55374717
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
135 changed files with 2232 additions and 1855 deletions


@ -161,4 +161,4 @@ Even with all the above points, it may be hard to make a decision. While the mod
* Since modules work well together within their ecosystem, select logical boundaries for using Fabric or CFT. For example use CFT for deploying resources within projects but use Fabric for managing project creation and IAM.
* Use strengths of each collection of modules to your advantage. Empower application teams to define their infrastructure as code using off the shelf CFT modules. Using Fabric, bootstrap your platform team with a collection of tailor built modules for your organization.
* Lean into module composition and dependency inversion that both Fabric and CFT modules follow. For example, you can create a GKE cluster using either [Fabric](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/tree/master/modules/gke-cluster#gke-cluster-module) or [CFT](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine) GKE module and then use either [Fabric](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/tree/master/modules/gke-hub#variables) or [CFT](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/modules/fleet-membership) for setting up GKE Hub by passing in outputs from the GKE module.
* Lean into module composition and dependency inversion that both Fabric and CFT modules follow. For example, you can create a GKE cluster using either [Fabric](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/tree/master/modules/gke-cluster-standard#gke-cluster-module) or [CFT](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine) GKE module and then use either [Fabric](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/tree/master/modules/gke-hub#variables) or [CFT](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/modules/fleet-membership) for setting up GKE Hub by passing in outputs from the GKE module.


@ -31,7 +31,7 @@ Currently available modules:
- **foundational** - [billing budget](./modules/billing-budget), [Cloud Identity group](./modules/cloud-identity-group/), [folder](./modules/folder), [service accounts](./modules/iam-service-account), [logging bucket](./modules/logging-bucket), [organization](./modules/organization), [project](./modules/project), [projects-data-source](./modules/projects-data-source)
- **networking** - [DNS](./modules/dns), [DNS Response Policy](./modules/dns-response-policy/), [Cloud Endpoints](./modules/endpoints), [address reservation](./modules/net-address), [NAT](./modules/net-cloudnat), [Global Load Balancer (classic)](./modules/net-glb/), [L4 ILB](./modules/net-ilb), [L7 ILB](./modules/net-ilb-l7), [VPC](./modules/net-vpc), [VPC firewall](./modules/net-vpc-firewall), [VPC firewall policy](./modules/net-vpc-firewall-policy), [VPC peering](./modules/net-vpc-peering), [VPN dynamic](./modules/net-vpn-dynamic), [HA VPN](./modules/net-vpn-ha), [VPN static](./modules/net-vpn-static), [Service Directory](./modules/service-directory)
- **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE cluster](./modules/gke-cluster), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool)
- **compute** - [VM/VM group](./modules/compute-vm), [MIG](./modules/compute-mig), [COS container](./modules/cloud-config-container/cos-generic-metadata/) (coredns, mysql, onprem, squid), [GKE cluster](./modules/gke-cluster-standard), [GKE hub](./modules/gke-hub), [GKE nodepool](./modules/gke-nodepool)
- **data** - [BigQuery dataset](./modules/bigquery-dataset), [Bigtable instance](./modules/bigtable-instance), [Cloud SQL instance](./modules/cloudsql-instance), [Data Catalog Policy Tag](./modules/data-catalog-policy-tag), [Datafusion](./modules/datafusion), [Dataproc](./modules/dataproc), [GCS](./modules/gcs), [Pub/Sub](./modules/pubsub)
- **development** - [API Gateway](./modules/api-gateway), [Apigee](./modules/apigee), [Artifact Registry](./modules/artifact-registry), [Container Registry](./modules/container-registry), [Cloud Source Repository](./modules/source-repository)
- **security** - [Binauthz](./modules/binauthz/), [KMS](./modules/kms), [SecretManager](./modules/secret-manager), [VPC Service Control](./modules/vpc-sc)


@ -15,7 +15,7 @@
*/
module "cluster" {
source = "../../../modules/gke-cluster"
source = "../../../modules/gke-cluster-standard"
project_id = module.project.project_id
name = "cluster"
location = var.region


@ -54,10 +54,10 @@ spec:
protocol: TCP
resources:
requests:
cpu: 50m
memory: 50Mi
cpu: 250m
memory: 500Mi
limits:
memory: 50Mi
memory: 500Mi
- name: locust-prometheus-exporter
image: containersol/locust_exporter
ports:
@ -65,10 +65,10 @@ spec:
containerPort: 9646
resources:
requests:
cpu: 5m
memory: 5Mi
cpu: 250m
memory: 500Mi
limits:
memory: 5Mi
memory: 500Mi
---
kind: Service
apiVersion: v1
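Review bot: The new `cpu: 250m` / `memory: 500Mi` figures are applied uniformly to every container, including the `locust-prometheus-exporter` sidecar that previously requested 5m/5Mi, and nothing in the manifest records why a 50x increase is the right size (the page shows old and new lines without markers, so I read the second of each pair as the new value). If these are meant to satisfy a per-container platform minimum — plausible, since this commit introduces an Autopilot cluster module — a comment above each `resources:` block such as `# sized to the Autopilot per-container minimum, not to measured usage` would stop the next maintainer from trimming them back and breaking scheduling. The same values appear in the following manifest sections (hunks starting at `-46,7`, `-89,10`, `-52,10`, `-135,10` and `-70,10`), so one comment style should be used across all of them. In the `-89,10` hunk the cpu figure sits under `limits:` while `requests:` carries only memory, which is inverted relative to the other files; that is legal but worth aligning so the QoS class is the same everywhere.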


@ -46,7 +46,7 @@ spec:
value: locust-master
resources:
requests:
cpu: 20m
memory: 50Mi
cpu: 250m
memory: 500Mi
limits:
memory: 50Mi
memory: 500Mi


@ -89,10 +89,10 @@ spec:
- --use-new-resource-model=false
resources:
limits:
cpu: 100m
memory: 150Mi
cpu: 250m
memory: 500Mi
requests:
memory: 150Mi
memory: 500Mi
---
apiVersion: v1
kind: Service


@ -52,10 +52,10 @@ spec:
containerPort: 9090
resources:
requests:
cpu: 10m
memory: 15Mi
cpu: 250m
memory: 500Mi
limits:
memory: 15Mi
memory: 500Mi
readinessProbe:
httpGet:
path: /-/ready


@ -135,10 +135,10 @@ spec:
subPath: "dashboardproviders.yaml"
resources:
requests:
cpu: 30m
memory: 100Mi
cpu: 250m
memory: 500Mi
limits:
memory: 100Mi
memory: 500Mi
livenessProbe:
failureThreshold: 10
httpGet:


@ -70,10 +70,10 @@ spec:
containerPort: 8081
resources:
requests:
cpu: 10m
memory: 50Mi
cpu: 250m
memory: 500Mi
limits:
memory: 50Mi
memory: 500Mi
securityContext:
allowPrivilegeEscalation: false
privileged: false


@ -15,7 +15,7 @@
*/
module "cluster" {
source = "../../../modules/gke-cluster"
source = "../../../modules/gke-cluster-autopilot"
project_id = module.project.project_id
name = "cluster"
location = var.region
@ -29,18 +29,18 @@ module "cluster" {
master_authorized_ranges = var.cluster_network_config.master_authorized_cidr_blocks
master_ipv4_cidr_block = var.cluster_network_config.master_cidr_block
}
enable_features = {
autopilot = true
}
monitoring_config = {
enenable_components = ["SYSTEM_COMPONENTS"]
managed_prometheus = true
}
cluster_autoscaling = {
auto_provisioning_defaults = {
service_account = module.node_sa.email
}
}
# enable_features = {
# autopilot = true
# }
# monitoring_config = {
# enenable_components = ["SYSTEM_COMPONENTS"]
# managed_prometheus = true
# }
# cluster_autoscaling = {
# auto_provisioning_defaults = {
# service_account = module.node_sa.email
# }
# }
release_channel = "RAPID"
depends_on = [
module.project
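Review bot: Commenting out the `cluster_autoscaling` block also drops `service_account = module.node_sa.email`, so the cluster created through the new `gke-cluster-autopilot` source no longer pins its nodes to the dedicated node service account and falls back to the provider default, which is a least-privilege regression. The autopilot module's README in this same commit lists a top-level `service_account` variable ("used by the node VMs created by GKE Autopilot"), so the intent is preserved with `service_account = module.node_sa.email` on the module, assuming `module.node_sa` is still defined in this file. The commented-out `enable_features`, `monitoring_config` and `cluster_autoscaling` blocks should be deleted rather than kept as comments: they carry the `enenable_components` typo along, and the module's variable table does not list `monitoring_config`, so they cannot simply be uncommented later. `module "cluster"` continues outside the hunk.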


@ -83,7 +83,7 @@ module "nat" {
}
module "cluster" {
source = "../../../modules/gke-cluster"
source = "../../../modules/gke-cluster-standard"
project_id = module.project.project_id
name = "${var.prefix}-cluster"
location = var.zone


@ -53,7 +53,7 @@ Once done testing, you can clean up resources by running `terraform destroy`.
| name | description | modules | resources |
|---|---|---|---|
| [ansible.tf](./ansible.tf) | Ansible generated files. | | <code>local_file</code> |
| [gke.tf](./gke.tf) | GKE cluster and hub resources. | <code>gke-cluster</code> · <code>gke-hub</code> · <code>gke-nodepool</code> | |
| [gke.tf](./gke.tf) | GKE cluster and hub resources. | <code>gke-cluster-standard</code> · <code>gke-hub</code> · <code>gke-nodepool</code> | |
| [main.tf](./main.tf) | Project resources. | <code>project</code> | |
| [variables.tf](./variables.tf) | Module variables. | | |
| [vm.tf](./vm.tf) | Management server. | <code>compute-vm</code> | |
@ -75,7 +75,6 @@ Once done testing, you can clean up resources by running `terraform destroy`.
| [region](variables.tf#L99) | Region. | <code>string</code> | | <code>&#34;europe-west1&#34;</code> |
<!-- END TFDOC -->
## Test
```hcl


@ -18,7 +18,7 @@
module "clusters" {
for_each = var.clusters_config
source = "../../../modules/gke-cluster"
source = "../../../modules/gke-cluster-standard"
project_id = module.fleet_project.project_id
name = each.key
location = var.region


@ -234,7 +234,7 @@ module "gke" {
| name | description | modules |
|---|---|---|
| [gke-clusters.tf](./gke-clusters.tf) | GKE clusters. | <code>gke-cluster</code> |
| [gke-clusters.tf](./gke-clusters.tf) | GKE clusters. | <code>gke-cluster-standard</code> |
| [gke-hub.tf](./gke-hub.tf) | GKE hub configuration. | <code>gke-hub</code> |
| [gke-nodepools.tf](./gke-nodepools.tf) | GKE nodepools. | <code>gke-nodepool</code> |
| [main.tf](./main.tf) | Project and usage dataset. | <code>bigquery-dataset</code> · <code>project</code> |


@ -17,7 +17,7 @@
# tfdoc:file:description GKE clusters.
module "gke-cluster" {
source = "../../../modules/gke-cluster"
source = "../../../modules/gke-cluster-standard"
for_each = var.clusters
name = each.key
project_id = module.gke-project-0.project_id


@ -240,7 +240,7 @@ module "service-account-gce" {
################################################################################
module "cluster-1" {
source = "../../../modules/gke-cluster"
source = "../../../modules/gke-cluster-standard"
name = "${var.prefix}-cluster-1"
project_id = module.project.project_id
location = "${var.region}-b"


@ -197,7 +197,7 @@ module "vm-bastion" {
################################################################################
module "cluster-1" {
source = "../../../modules/gke-cluster"
source = "../../../modules/gke-cluster-standard"
count = var.cluster_create ? 1 : 0
name = "cluster-1"
project_id = module.project-svc-gke.project_id


@ -85,7 +85,7 @@ As shown in the script output above, the provider file is a template used as a s
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [org-level bootstrap stage documentation](../../stages/0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
```hcl
```tfvars
outputs_location = "~/fast-config"
```
@ -97,7 +97,7 @@ The globals variable file linked above contains definition which were set for th
The tenant configuration resides in the `tenant_config` variable, this is an example configuration for a tenant with comments explaining the different choices that need to be made:
```hcl
```tfvars
tenant_config = {
# used for the top-level folder name
descriptive_name = "My First Tenant"
@ -142,7 +142,6 @@ tenant_config = {
# logging = "folders/0123456789"
# }
}
# tftest skip
```
Configure the tenant variable in a tfvars file for this stage. A few minor points worth noting:


@ -116,7 +116,7 @@ Once that is done, stage-level configuration variables are the same as the corre
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [org-level bootstrap stage documentation](../../stages/0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
```hcl
```tfvars
outputs_location = "~/fast-config"
```


@ -112,7 +112,7 @@ The latter set is explained in the [Customization](#customizations) sections bel
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
```hcl
```tfvars
outputs_location = "~/fast-config"
```


@ -253,7 +253,7 @@ The latter set is explained in the [Customization](#customizations) sections bel
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
```hcl
```tfvars
outputs_location = "~/fast-config"
```
@ -315,7 +315,7 @@ This stage includes basic support for an HA VPN connecting the landing zone in t
Support for the onprem VPN is disabled by default so that no resources are created, this is an example of how to configure the variable to enable the VPN:
```hcl
```tfvars
vpn_onprem_primary_config = {
peer_external_gateways = {
default = {
@ -357,7 +357,6 @@ vpn_onprem_primary_config = {
}
}
}
# tftest skip
```
### Adding an environment


@ -267,7 +267,7 @@ The latter set is explained in the [Customization](#customizations) sections bel
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
```hcl
```tfvars
outputs_location = "~/fast-config"
```
@ -329,7 +329,7 @@ This stage includes basic support for an HA VPN connecting the landing zone in t
Support for the onprem VPN is disabled by default so that no resources are created, this is an example of how to configure the variable to enable the VPN:
```hcl
```tfvars
vpn_onprem_primary_config = {
peer_external_gateways = {
default = {
@ -371,7 +371,6 @@ vpn_onprem_primary_config = {
}
}
}
# tftest skip
```
### Adding an environment


@ -335,7 +335,7 @@ The latter set is explained in the [Customization](#customizations) sections bel
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
```hcl
```tfvars
outputs_location = "~/fast-config"
```
@ -397,7 +397,7 @@ This stage includes basic support for an HA VPN connecting the landing zone in t
Support for the onprem VPNs is disabled by default so that no resources are created, this is an example of how to configure one variable to enable the VPN in the primary region:
```hcl
```tfvars
vpn_onprem_primary_config = {
peer_external_gateways = {
default = {
@ -439,7 +439,6 @@ vpn_onprem_primary_config = {
}
}
}
# tftest skip
```
### Adding an environment


@ -215,7 +215,7 @@ The latter set is explained in the [Customization](#customizations) sections bel
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
```hcl
```tfvars
outputs_location = "~/fast-config"
```
@ -270,7 +270,7 @@ This stage includes basic support for an HA VPN connecting each environment land
Support for the onprem VPNs is disabled by default so that no resources are created, this is an example of how to configure one variable to enable the VPN for dev in the primary region:
```hcl
```tfvars
vpn_onprem_dev_primary_config = {
peer_external_gateways = {
default = {
@ -312,7 +312,6 @@ vpn_onprem_dev_primary_config = {
}
}
}
# tftest skip
```
### Changing default regions


@ -357,7 +357,7 @@ The latter set is explained in the [Customization](#customizations) sections bel
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
```hcl
```tfvars
outputs_location = "~/fast-config"
```
@ -419,7 +419,7 @@ This stage includes basic support for an HA VPN connecting the landing zone in t
Support for the onprem VPNs is disabled by default so that no resources are created, this is an example of how to configure one variable to enable the VPN in the primary region:
```hcl
```tfvars
vpn_onprem_primary_config = {
peer_external_gateways = {
default = {
@ -461,7 +461,6 @@ vpn_onprem_primary_config = {
}
}
}
# tftest skip
```
### Adding an environment


@ -110,7 +110,7 @@ The latter set is explained in the [Customization](#customizations) sections bel
Note that the `outputs_location` variable is disabled by default, you need to explicitly set it in your `terraform.tfvars` file if you want output files to be generated by this stage. This is a sample `terraform.tfvars` that configures it, refer to the [bootstrap stage documentation](../0-bootstrap/README.md#output-files-and-cross-stage-variables) for more details:
```hcl
```tfvars
outputs_location = "~/fast-config"
```


@ -63,7 +63,8 @@ These modules are used in the examples included in this repository. If you are u
- [VM/VM group](./compute-vm)
- [MIG](./compute-mig)
- [COS container](./cloud-config-container/cos-generic-metadata/) (coredns/mysql/nva/onprem/squid)
- [GKE cluster](./gke-cluster)
- [GKE autopilot cluster](./gke-cluster-autopilot)
- [GKE standard cluster](./gke-cluster-standard)
- [GKE hub](./gke-hub)
- [GKE nodepool](./gke-nodepool)


@ -35,7 +35,7 @@ module "bigquery-dataset" {
view_1 = "my-project|my-dataset|my-table"
}
}
# tftest modules=1 resources=5
# tftest modules=1 resources=5 inventory=simple.yaml
```
### IAM roles
@ -51,7 +51,7 @@ module "bigquery-dataset" {
"roles/bigquery.dataOwner" = ["user:user1@example.org"]
}
}
# tftest modules=1 resources=2
# tftest modules=1 resources=2 inventory=iam.yaml
```
### Dataset options
@ -70,7 +70,7 @@ module "bigquery-dataset" {
max_time_travel_hours = 168
}
}
# tftest modules=1 resources=1
# tftest modules=1 resources=1 inventory=options.yaml
```
### Tables and views
@ -100,7 +100,7 @@ module "bigquery-dataset" {
}
}
}
# tftest modules=1 resources=2
# tftest modules=1 resources=2 inventory=tables.yaml
```
If partitioning is needed, populate the `partitioning` variable using either the `time` or `range` attribute.
@ -132,7 +132,7 @@ module "bigquery-dataset" {
}
}
}
# tftest modules=1 resources=2
# tftest modules=1 resources=2 inventory=partitioning.yaml
```
To create views use the `view` variable. If you're querying a table created by the same module `terraform apply` will initially fail and eventually succeed once the underlying table has been created. You can probably also use the module's output in the view's query to create a dependency on the table.
@ -170,7 +170,7 @@ module "bigquery-dataset" {
}
}
# tftest modules=1 resources=3
# tftest modules=1 resources=3 inventory=views.yaml
```
<!-- BEGIN TFDOC -->


@ -32,7 +32,7 @@ module "budget" {
emails = ["user@example.com"]
}
}
# tftest modules=1 resources=2
# tftest modules=1 resources=2 inventory=email.yaml
```
### Pubsub notification
@ -59,7 +59,7 @@ module "pubsub" {
name = "budget-topic"
}
# tftest modules=2 resources=2
# tftest modules=2 resources=2 inventory=pubsub.yaml
```
<!-- BEGIN TFDOC -->


@ -46,7 +46,7 @@ module "nginx-mig" {
target_size = 2
instance_template = module.nginx-template.template.self_link
}
# tftest modules=2 resources=2
# tftest modules=2 resources=2 inventory=simple.yaml
```
### Multiple versions
@ -149,7 +149,7 @@ module "nginx-mig" {
}
}
}
# tftest modules=2 resources=3
# tftest modules=2 resources=3 inventory=health-check.yaml
```
### Autoscaling
@ -202,7 +202,7 @@ module "nginx-mig" {
}
}
}
# tftest modules=2 resources=3
# tftest modules=2 resources=3 inventory=autoscaling.yaml
```
### Update policy
@ -408,7 +408,7 @@ module "nginx-mig" {
}
}
}
# tftest modules=2 resources=4
# tftest modules=2 resources=4 inventory=stateful.yaml
```
<!-- BEGIN TFDOC -->


@ -0,0 +1,132 @@
# GKE cluster Autopilot module
This module allows simplified creation and management of GKE Autopilot clusters. Some sensible defaults are set initially, in order to allow less verbose usage for most use cases.
## Example
### GKE Cluster
```hcl
module "cluster-1" {
source = "./fabric/modules/gke-cluster-autopilot"
project_id = "myproject"
name = "cluster-1"
location = "europe-west1"
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
secondary_range_names = {
pods = "pods"
services = "services"
}
master_authorized_ranges = {
internal-vms = "10.0.0.0/8"
}
master_ipv4_cidr_block = "192.168.0.0/28"
}
private_cluster_config = {
enable_private_endpoint = true
master_global_access = false
}
labels = {
environment = "dev"
}
}
# tftest modules=1 resources=1 inventory=basic.yaml
```
### Cloud DNS
This example shows how to [use Cloud DNS as a Kubernetes DNS provider](https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns) for GKE Standard clusters.
```hcl
module "cluster-1" {
source = "./fabric/modules/gke-cluster-autopilot"
project_id = var.project_id
name = "cluster-1"
location = "europe-west1"
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
secondary_range_names = { pods = "pods", services = "services" }
}
enable_features = {
dns = {
provider = "CLOUD_DNS"
scope = "CLUSTER_SCOPE"
domain = "gke.local"
}
}
}
# tftest modules=1 resources=1 inventory=dns.yaml
```
### Backup for GKE
This example shows how to [enable the Backup for GKE agent and configure a Backup Plan](https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/concepts/backup-for-gke) for GKE Standard clusters.
```hcl
module "cluster-1" {
source = "./fabric/modules/gke-cluster-autopilot"
project_id = var.project_id
name = "cluster-1"
location = "europe-west1"
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
secondary_range_names = { pods = "pods", services = "services" }
}
backup_configs = {
enable_backup_agent = true
backup_plans = {
"backup-1" = {
region = "europe-west-2"
schedule = "0 9 * * 1"
}
}
}
}
# tftest modules=1 resources=2 inventory=backup.yaml
```
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [location](variables.tf#L106) | Autopilot cluster are always regional. | <code>string</code> | ✓ | |
| [name](variables.tf#L141) | Cluster name. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L167) | Cluster project id. | <code>string</code> | ✓ | |
| [vpc_config](variables.tf#L190) | VPC-level configuration. | <code title="object&#40;&#123;&#10; network &#61; string&#10; subnetwork &#61; string&#10; master_ipv4_cidr_block &#61; optional&#40;string&#41;&#10; secondary_range_blocks &#61; optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;&#41;&#10; secondary_range_names &#61; optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;, &#123; pods &#61; &#34;pods&#34;, services &#61; &#34;services&#34; &#125;&#41;&#10; master_authorized_ranges &#61; optional&#40;map&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | <code title="object&#40;&#123;&#10; enable_backup_agent &#61; optional&#40;bool, false&#41;&#10; backup_plans &#61; optional&#40;map&#40;object&#40;&#123;&#10; region &#61; string&#10; schedule &#61; string&#10; retention_policy_days &#61; optional&#40;string&#41;&#10; retention_policy_lock &#61; optional&#40;bool, false&#41;&#10; retention_policy_delete_lock_days &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [description](variables.tf#L33) | Cluster description. | <code>string</code> | | <code>null</code> |
| [enable_addons](variables.tf#L39) | Addons enabled in the cluster (true means enabled). | <code title="object&#40;&#123;&#10; cloudrun &#61; optional&#40;bool, false&#41;&#10; config_connector &#61; optional&#40;bool, false&#41;&#10; dns_cache &#61; optional&#40;bool, false&#41;&#10; horizontal_pod_autoscaling &#61; optional&#40;bool, false&#41;&#10; http_load_balancing &#61; optional&#40;bool, false&#41;&#10; istio &#61; optional&#40;object&#40;&#123;&#10; enable_tls &#61; bool&#10; &#125;&#41;&#41;&#10; kalm &#61; optional&#40;bool, false&#41;&#10; network_policy &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; horizontal_pod_autoscaling &#61; true&#10; http_load_balancing &#61; true&#10;&#125;">&#123;&#8230;&#125;</code> |
| [enable_features](variables.tf#L60) | Enable cluster-level features. Certain features allow configuration. | <code title="object&#40;&#123;&#10; binary_authorization &#61; optional&#40;bool, false&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; provider &#61; optional&#40;string&#41;&#10; scope &#61; optional&#40;string&#41;&#10; domain &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; database_encryption &#61; optional&#40;object&#40;&#123;&#10; state &#61; string&#10; key_name &#61; string&#10; &#125;&#41;&#41;&#10; gateway_api &#61; optional&#40;bool, false&#41;&#10; groups_for_rbac &#61; optional&#40;string&#41;&#10; l4_ilb_subsetting &#61; optional&#40;bool, false&#41;&#10; mesh_certificates &#61; optional&#40;bool&#41;&#10; pod_security_policy &#61; optional&#40;bool, false&#41;&#10; resource_usage_export &#61; optional&#40;object&#40;&#123;&#10; dataset &#61; string&#10; enable_network_egress_metering &#61; optional&#40;bool&#41;&#10; enable_resource_consumption_metering &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; tpu &#61; optional&#40;bool, false&#41;&#10; upgrade_notifications &#61; optional&#40;object&#40;&#123;&#10; topic_id &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; vertical_pod_autoscaling &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10;&#10;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [issue_client_certificate](variables.tf#L94) | Enable issuing client certificate. | <code>bool</code> | | <code>false</code> |
| [labels](variables.tf#L100) | Cluster resource labels. | <code>map&#40;string&#41;</code> | | <code>null</code> |
| [maintenance_config](variables.tf#L112) | Maintenance window configuration. | <code title="object&#40;&#123;&#10; daily_window_start_time &#61; optional&#40;string&#41;&#10; recurring_window &#61; optional&#40;object&#40;&#123;&#10; start_time &#61; string&#10; end_time &#61; string&#10; recurrence &#61; string&#10; &#125;&#41;&#41;&#10; maintenance_exclusions &#61; optional&#40;list&#40;object&#40;&#123;&#10; name &#61; string&#10; start_time &#61; string&#10; end_time &#61; string&#10; scope &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; daily_window_start_time &#61; &#34;03:00&#34;&#10; recurring_window &#61; null&#10; maintenance_exclusion &#61; &#91;&#93;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [min_master_version](variables.tf#L135) | Minimum version of the master, defaults to the version of the most recent official release. | <code>string</code> | | <code>null</code> |
| [node_locations](variables.tf#L146) | Zones in which the cluster's nodes are located. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [private_cluster_config](variables.tf#L153) | Private cluster configuration. | <code title="object&#40;&#123;&#10; enable_private_endpoint &#61; optional&#40;bool&#41;&#10; master_global_access &#61; optional&#40;bool&#41;&#10; peering_config &#61; optional&#40;object&#40;&#123;&#10; export_routes &#61; optional&#40;bool&#41;&#10; import_routes &#61; optional&#40;bool&#41;&#10; project_id &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [release_channel](variables.tf#L172) | Release channel for GKE upgrades. | <code>string</code> | | <code>null</code> |
| [service_account](variables.tf#L178) | The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot. | <code>string</code> | | <code>null</code> |
| [tags](variables.tf#L184) | Network tags applied to nodes. | <code>list&#40;string&#41;</code> | | <code>null</code> |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| [ca_certificate](outputs.tf#L17) | Public certificate of the cluster (base64-encoded). | ✓ |
| [cluster](outputs.tf#L23) | Cluster resource. | ✓ |
| [endpoint](outputs.tf#L29) | Cluster endpoint. | |
| [id](outputs.tf#L34) | Cluster ID. | |
| [location](outputs.tf#L39) | Cluster location. | |
| [master_version](outputs.tf#L44) | Master version. | |
| [name](outputs.tf#L49) | Cluster name. | |
| [notifications](outputs.tf#L54) | GKE PubSub notifications topic. | |
| [self_link](outputs.tf#L59) | Cluster self link. | ✓ |
| [workload_identity_pool](outputs.tf#L65) | Workload identity pool. | |
<!-- END TFDOC -->


@ -0,0 +1,306 @@
/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
resource "google_container_cluster" "cluster" {
provider = google-beta
project = var.project_id
name = var.name
description = var.description
location = var.location
node_locations = (
length(var.node_locations) == 0 ? null : var.node_locations
)
min_master_version = var.min_master_version
network = var.vpc_config.network
subnetwork = var.vpc_config.subnetwork
resource_labels = var.labels
enable_l4_ilb_subsetting = var.enable_features.l4_ilb_subsetting
enable_tpu = var.enable_features.tpu
initial_node_count = 1
enable_autopilot = true
addons_config {
http_load_balancing {
disabled = !var.enable_addons.http_load_balancing
}
horizontal_pod_autoscaling {
disabled = !var.enable_addons.horizontal_pod_autoscaling
}
cloudrun_config {
disabled = !var.enable_addons.cloudrun
}
kalm_config {
enabled = var.enable_addons.kalm
}
config_connector_config {
enabled = var.enable_addons.config_connector
}
gke_backup_agent_config {
enabled = var.backup_configs.enable_backup_agent
}
}
dynamic "authenticator_groups_config" {
for_each = var.enable_features.groups_for_rbac != null ? [""] : []
content {
security_group = var.enable_features.groups_for_rbac
}
}
dynamic "binary_authorization" {
for_each = var.enable_features.binary_authorization ? [""] : []
content {
evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
}
}
cluster_autoscaling {
dynamic "auto_provisioning_defaults" {
for_each = var.service_account != null ? [""] : []
content {
service_account = var.service_account
}
}
}
dynamic "database_encryption" {
for_each = var.enable_features.database_encryption != null ? [""] : []
content {
state = var.enable_features.database_encryption.state
key_name = var.enable_features.database_encryption.key_name
}
}
dynamic "dns_config" {
for_each = var.enable_features.dns != null ? [""] : []
content {
cluster_dns = var.enable_features.dns.provider
cluster_dns_scope = var.enable_features.dns.scope
cluster_dns_domain = var.enable_features.dns.domain
}
}
dynamic "ip_allocation_policy" {
for_each = var.vpc_config.secondary_range_blocks != null ? [""] : []
content {
cluster_ipv4_cidr_block = var.vpc_config.secondary_range_blocks.pods
services_ipv4_cidr_block = var.vpc_config.secondary_range_blocks.services
}
}
dynamic "ip_allocation_policy" {
for_each = var.vpc_config.secondary_range_names != null ? [""] : []
content {
cluster_secondary_range_name = var.vpc_config.secondary_range_names.pods
services_secondary_range_name = var.vpc_config.secondary_range_names.services
}
}
dynamic "gateway_api_config" {
for_each = var.enable_features.gateway_api ? [""] : []
content {
channel = "CHANNEL_STANDARD"
}
}
maintenance_policy {
dynamic "daily_maintenance_window" {
for_each = (
try(var.maintenance_config.daily_window_start_time, null) != null
? [""]
: []
)
content {
start_time = var.maintenance_config.daily_window_start_time
}
}
dynamic "recurring_window" {
for_each = (
try(var.maintenance_config.recurring_window, null) != null
? [""]
: []
)
content {
start_time = var.maintenance_config.recurring_window.start_time
end_time = var.maintenance_config.recurring_window.end_time
recurrence = var.maintenance_config.recurring_window.recurrence
}
}
dynamic "maintenance_exclusion" {
for_each = (
try(var.maintenance_config.maintenance_exclusions, null) == null
? []
: var.maintenance_config.maintenance_exclusions
)
iterator = exclusion
content {
exclusion_name = exclusion.value.name
start_time = exclusion.value.start_time
end_time = exclusion.value.end_time
}
}
}
master_auth {
client_certificate_config {
issue_client_certificate = var.issue_client_certificate
}
}
dynamic "master_authorized_networks_config" {
for_each = var.vpc_config.master_authorized_ranges != null ? [""] : []
content {
dynamic "cidr_blocks" {
for_each = var.vpc_config.master_authorized_ranges
iterator = range
content {
cidr_block = range.value
display_name = range.key
}
}
}
}
dynamic "mesh_certificates" {
for_each = var.enable_features.mesh_certificates != null ? [""] : []
content {
enable_certificates = var.enable_features.mesh_certificates
}
}
dynamic "notification_config" {
for_each = var.enable_features.upgrade_notifications != null ? [""] : []
content {
pubsub {
enabled = true
topic = (
try(var.enable_features.upgrade_notifications.topic_id, null) != null
? var.enable_features.upgrade_notifications.topic_id
: google_pubsub_topic.notifications[0].id
)
}
}
}
dynamic "private_cluster_config" {
for_each = (
var.private_cluster_config != null ? [""] : []
)
content {
enable_private_nodes = true
enable_private_endpoint = var.private_cluster_config.enable_private_endpoint
master_ipv4_cidr_block = try(var.vpc_config.master_ipv4_cidr_block, null)
master_global_access_config {
enabled = var.private_cluster_config.master_global_access
}
}
}
dynamic "pod_security_policy_config" {
for_each = var.enable_features.pod_security_policy ? [""] : []
content {
enabled = var.enable_features.pod_security_policy
}
}
dynamic "release_channel" {
for_each = var.release_channel != null ? [""] : []
content {
channel = var.release_channel
}
}
dynamic "resource_usage_export_config" {
for_each = (
try(var.enable_features.resource_usage_export.dataset, null) != null
? [""]
: []
)
content {
enable_network_egress_metering = (
var.enable_features.resource_usage_export.enable_network_egress_metering
)
enable_resource_consumption_metering = (
var.enable_features.resource_usage_export.enable_resource_consumption_metering
)
bigquery_destination {
dataset_id = var.enable_features.resource_usage_export.dataset
}
}
}
dynamic "vertical_pod_autoscaling" {
for_each = var.enable_features.vertical_pod_autoscaling ? [""] : []
content {
enabled = var.enable_features.vertical_pod_autoscaling
}
}
}
resource "google_gke_backup_backup_plan" "backup_plan" {
for_each = var.backup_configs.enable_backup_agent ? var.backup_configs.backup_plans : {}
name = each.key
cluster = google_container_cluster.cluster.id
location = each.value.region
project = var.project_id
retention_policy {
backup_delete_lock_days = try(each.value.retention_policy_delete_lock_days)
backup_retain_days = try(each.value.retention_policy_days)
locked = try(each.value.retention_policy_lock)
}
backup_schedule {
cron_schedule = each.value.schedule
}
#TODO add support for configs
backup_config {
include_volume_data = true
include_secrets = true
all_namespaces = true
}
}
resource "google_compute_network_peering_routes_config" "gke_master" {
count = (
try(var.private_cluster_config.peering_config, null) != null ? 1 : 0
)
project = (
try(var.private_cluster_config.peering_config, null) == null
? var.project_id
: var.private_cluster_config.peering_config.project_id
)
peering = try(
google_container_cluster.cluster.private_cluster_config.0.peering_name,
null
)
network = element(reverse(split("/", var.vpc_config.network)), 0)
import_custom_routes = var.private_cluster_config.peering_config.import_routes
export_custom_routes = var.private_cluster_config.peering_config.export_routes
}
resource "google_pubsub_topic" "notifications" {
count = (
try(var.enable_features.upgrade_notifications, null) != null &&
try(var.enable_features.upgrade_notifications.topic_id, null) == null ? 1 : 0
)
project = var.project_id
name = "gke-pubsub-notifications"
labels = {
content = "gke-notifications"
}
}
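Review bot: The `master_authorized_networks_config` dynamic block is emitted only when `vpc_config.master_authorized_ranges` is non-null, and `private_cluster_config` also defaults to null, so a cluster built with the module defaults exposes its public control-plane endpoint with no source-range restriction; a comment on that block, `# omitted when master_authorized_ranges is null: the public endpoint then accepts any source IP`, or a non-null default for the variable, would make that visible to callers. The `google_pubsub_topic.notifications` name is the fixed string `"gke-pubsub-notifications"`, so two instances of this module in the same project that enable `upgrade_notifications` without a `topic_id` will conflict on the topic name; deriving it from the cluster, e.g. `name = "${var.name}-gke-notifications"`, avoids that. The single-argument `try(each.value.retention_policy_delete_lock_days)` calls in the backup plan's `retention_policy` do nothing that a plain `each.value.retention_policy_delete_lock_days` would not, and `private_cluster_config.0.peering_name` uses the legacy `.0` index form where `[0]` is the current syntax.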


@ -0,0 +1,207 @@
/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "backup_configs" {
description = "Configuration for Backup for GKE."
type = object({
enable_backup_agent = optional(bool, false)
backup_plans = optional(map(object({
region = string
schedule = string
retention_policy_days = optional(string)
retention_policy_lock = optional(bool, false)
retention_policy_delete_lock_days = optional(string)
})), {})
})
default = {}
nullable = false
}
variable "description" {
description = "Cluster description."
type = string
default = null
}
variable "enable_addons" {
description = "Addons enabled in the cluster (true means enabled)."
type = object({
cloudrun = optional(bool, false)
config_connector = optional(bool, false)
dns_cache = optional(bool, false)
horizontal_pod_autoscaling = optional(bool, false)
http_load_balancing = optional(bool, false)
istio = optional(object({
enable_tls = bool
}))
kalm = optional(bool, false)
network_policy = optional(bool, false)
})
default = {
horizontal_pod_autoscaling = true
http_load_balancing = true
}
nullable = false
}
variable "enable_features" {
description = "Enable cluster-level features. Certain features allow configuration."
type = object({
binary_authorization = optional(bool, false)
dns = optional(object({
provider = optional(string)
scope = optional(string)
domain = optional(string)
}))
database_encryption = optional(object({
state = string
key_name = string
}))
gateway_api = optional(bool, false)
groups_for_rbac = optional(string)
l4_ilb_subsetting = optional(bool, false)
mesh_certificates = optional(bool)
pod_security_policy = optional(bool, false)
resource_usage_export = optional(object({
dataset = string
enable_network_egress_metering = optional(bool)
enable_resource_consumption_metering = optional(bool)
}))
tpu = optional(bool, false)
upgrade_notifications = optional(object({
topic_id = optional(string)
}))
vertical_pod_autoscaling = optional(bool, false)
})
default = {
}
}
variable "issue_client_certificate" {
description = "Enable issuing client certificate."
type = bool
default = false
}
variable "labels" {
description = "Cluster resource labels."
type = map(string)
default = null
}
variable "location" {
description = "Autopilot cluster are always regional."
type = string
}
variable "maintenance_config" {
description = "Maintenance window configuration."
type = object({
daily_window_start_time = optional(string)
recurring_window = optional(object({
start_time = string
end_time = string
recurrence = string
}))
maintenance_exclusions = optional(list(object({
name = string
start_time = string
end_time = string
scope = optional(string)
})))
})
default = {
daily_window_start_time = "03:00"
recurring_window = null
maintenance_exclusion = []
}
}
variable "min_master_version" {
description = "Minimum version of the master, defaults to the version of the most recent official release."
type = string
default = null
}
variable "name" {
description = "Cluster name."
type = string
}
variable "node_locations" {
description = "Zones in which the cluster's nodes are located."
type = list(string)
default = []
nullable = false
}
variable "private_cluster_config" {
description = "Private cluster configuration."
type = object({
enable_private_endpoint = optional(bool)
master_global_access = optional(bool)
peering_config = optional(object({
export_routes = optional(bool)
import_routes = optional(bool)
project_id = optional(string)
}))
})
default = null
}
variable "project_id" {
description = "Cluster project id."
type = string
}
variable "release_channel" {
description = "Release channel for GKE upgrades."
type = string
default = null
}
variable "service_account" {
description = "The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot."
type = string
default = null
}
variable "tags" {
description = "Network tags applied to nodes."
type = list(string)
default = null
}
variable "vpc_config" {
description = "VPC-level configuration."
type = object({
network = string
subnetwork = string
master_ipv4_cidr_block = optional(string)
secondary_range_blocks = optional(object({
pods = string
services = string
}))
secondary_range_names = optional(object({
pods = string
services = string
}), { pods = "pods", services = "services" })
master_authorized_ranges = optional(map(string))
})
nullable = false
}
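Review bot: The `maintenance_config` default sets `maintenance_exclusion = []`, but the declared attribute is `maintenance_exclusions`, so the default never populates the typed attribute; it should read `maintenance_exclusions = []`, or be dropped since `main.tf` already guards the attribute with `try(..., null) == null`. `tags` is declared here but the Autopilot `main.tf` added in this commit never references `var.tags`, and the `enable_addons` attributes `dns_cache`, `istio` and `network_policy` are likewise never read by its `addons_config`; unused inputs invite callers to expect behaviour that is not applied. `enable_features` has a `{}` default without `nullable = false`, unlike `backup_configs`, `enable_addons` and `node_locations`, so an explicit `null` from a caller would break every `var.enable_features.*` reference in `main.tf`. The `location` description reads `Autopilot cluster are always regional.` and should be `Autopilot clusters are always regional.`.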


@ -12,6 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
terraform {
required_version = ">= 1.4.4"
required_providers {


@ -1,6 +1,6 @@
# GKE cluster module
# GKE cluster Standard module
This module allows simplified creation and management of GKE clusters and should be used together with the GKE nodepool module, as the default nodepool is turned off here and cannot be re-enabled. Some sensible defaults are set initially, in order to allow less verbose usage for most use cases.
This module allows simplified creation and management of GKE Standard clusters and should be used together with the GKE nodepool module, as the default nodepool is turned off here and cannot be re-enabled. Some sensible defaults are set initially, in order to allow less verbose usage for most use cases.
## Example
@ -8,7 +8,7 @@ This module allows simplified creation and management of GKE clusters and should
```hcl
module "cluster-1" {
source = "./fabric/modules/gke-cluster"
source = "./fabric/modules/gke-cluster-standard"
project_id = "myproject"
name = "cluster-1"
location = "europe-west1-b"
@ -40,7 +40,7 @@ module "cluster-1" {
```hcl
module "cluster-1" {
source = "./fabric/modules/gke-cluster"
source = "./fabric/modules/gke-cluster-standard"
project_id = "myproject"
name = "cluster-dataplane-v2"
location = "europe-west1-b"
@ -70,32 +70,6 @@ module "cluster-1" {
}
# tftest modules=1 resources=1 inventory=dataplane-v2.yaml
```
### Autopilot Cluster
```hcl
module "cluster-autopilot" {
source = "./fabric/modules/gke-cluster"
project_id = "myproject"
name = "cluster-autopilot"
location = "europe-west1-b"
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
secondary_range_names = {
pods = "pods"
services = "services"
}
master_authorized_ranges = {
internal-vms = "10.0.0.0/8"
}
master_ipv4_cidr_block = "192.168.0.0/28"
}
enable_features = {
autopilot = true
}
}
# tftest modules=1 resources=1 inventory=autopilot.yaml
```
### Cloud DNS
@ -103,7 +77,7 @@ This example shows how to [use Cloud DNS as a Kubernetes DNS provider](https://c
```hcl
module "cluster-1" {
source = "./fabric/modules/gke-cluster"
source = "./fabric/modules/gke-cluster-standard"
project_id = var.project_id
name = "cluster-1"
location = "europe-west1-b"
@ -130,7 +104,7 @@ This example shows how to [enable the Backup for GKE agent and configure a Backu
```hcl
module "cluster-1" {
source = "./fabric/modules/gke-cluster"
source = "./fabric/modules/gke-cluster-standard"
project_id = var.project_id
name = "cluster-1"
location = "europe-west1-b"
@ -157,26 +131,26 @@ module "cluster-1" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [location](variables.tf#L134) | Cluster zone or region. | <code>string</code> | ✓ | |
| [name](variables.tf#L191) | Cluster name. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L217) | Cluster project id. | <code>string</code> | ✓ | |
| [vpc_config](variables.tf#L234) | VPC-level configuration. | <code title="object&#40;&#123;&#10; network &#61; string&#10; subnetwork &#61; string&#10; master_ipv4_cidr_block &#61; optional&#40;string&#41;&#10; secondary_range_blocks &#61; optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;&#41;&#10; secondary_range_names &#61; optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;, &#123; pods &#61; &#34;pods&#34;, services &#61; &#34;services&#34; &#125;&#41;&#10; master_authorized_ranges &#61; optional&#40;map&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [location](variables.tf#L133) | Cluster zone or region. | <code>string</code> | ✓ | |
| [name](variables.tf#L190) | Cluster name. | <code>string</code> | ✓ | |
| [project_id](variables.tf#L216) | Cluster project id. | <code>string</code> | ✓ | |
| [vpc_config](variables.tf#L233) | VPC-level configuration. | <code title="object&#40;&#123;&#10; network &#61; string&#10; subnetwork &#61; string&#10; master_ipv4_cidr_block &#61; optional&#40;string&#41;&#10; secondary_range_blocks &#61; optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;&#41;&#10; secondary_range_names &#61; optional&#40;object&#40;&#123;&#10; pods &#61; string&#10; services &#61; string&#10; &#125;&#41;, &#123; pods &#61; &#34;pods&#34;, services &#61; &#34;services&#34; &#125;&#41;&#10; master_authorized_ranges &#61; optional&#40;map&#40;string&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ | |
| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | <code title="object&#40;&#123;&#10; enable_backup_agent &#61; optional&#40;bool, false&#41;&#10; backup_plans &#61; optional&#40;map&#40;object&#40;&#123;&#10; region &#61; string&#10; schedule &#61; string&#10; retention_policy_days &#61; optional&#40;string&#41;&#10; retention_policy_lock &#61; optional&#40;bool, false&#41;&#10; retention_policy_delete_lock_days &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;, &#123;&#125;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>&#123;&#125;</code> |
| [cluster_autoscaling](variables.tf#L33) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | <code title="object&#40;&#123;&#10; auto_provisioning_defaults &#61; optional&#40;object&#40;&#123;&#10; boot_disk_kms_key &#61; optional&#40;string&#41;&#10; image_type &#61; optional&#40;string&#41;&#10; oauth_scopes &#61; optional&#40;list&#40;string&#41;&#41;&#10; service_account &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; cpu_limits &#61; optional&#40;object&#40;&#123;&#10; min &#61; number&#10; max &#61; number&#10; &#125;&#41;&#41;&#10; mem_limits &#61; optional&#40;object&#40;&#123;&#10; min &#61; number&#10; max &#61; number&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [description](variables.tf#L54) | Cluster description. | <code>string</code> | | <code>null</code> |
| [enable_addons](variables.tf#L60) | Addons enabled in the cluster (true means enabled). | <code title="object&#40;&#123;&#10; cloudrun &#61; optional&#40;bool, false&#41;&#10; config_connector &#61; optional&#40;bool, false&#41;&#10; dns_cache &#61; optional&#40;bool, false&#41;&#10; gce_persistent_disk_csi_driver &#61; optional&#40;bool, false&#41;&#10; gcp_filestore_csi_driver &#61; optional&#40;bool, false&#41;&#10; horizontal_pod_autoscaling &#61; optional&#40;bool, false&#41;&#10; http_load_balancing &#61; optional&#40;bool, false&#41;&#10; istio &#61; optional&#40;object&#40;&#123;&#10; enable_tls &#61; bool&#10; &#125;&#41;&#41;&#10; kalm &#61; optional&#40;bool, false&#41;&#10; network_policy &#61; optional&#40;bool, false&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; horizontal_pod_autoscaling &#61; true&#10; http_load_balancing &#61; true&#10;&#125;">&#123;&#8230;&#125;</code> |
| [enable_features](variables.tf#L83) | Enable cluster-level features. Certain features allow configuration. | <code title="object&#40;&#123;&#10; autopilot &#61; optional&#40;bool, false&#41;&#10; binary_authorization &#61; optional&#40;bool, false&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; provider &#61; optional&#40;string&#41;&#10; scope &#61; optional&#40;string&#41;&#10; domain &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; database_encryption &#61; optional&#40;object&#40;&#123;&#10; state &#61; string&#10; key_name &#61; string&#10; &#125;&#41;&#41;&#10; dataplane_v2 &#61; optional&#40;bool, false&#41;&#10; gateway_api &#61; optional&#40;bool, false&#41;&#10; groups_for_rbac &#61; optional&#40;string&#41;&#10; intranode_visibility &#61; optional&#40;bool, false&#41;&#10; l4_ilb_subsetting &#61; optional&#40;bool, false&#41;&#10; mesh_certificates &#61; optional&#40;bool&#41;&#10; pod_security_policy &#61; optional&#40;bool, false&#41;&#10; resource_usage_export &#61; optional&#40;object&#40;&#123;&#10; dataset &#61; string&#10; enable_network_egress_metering &#61; optional&#40;bool&#41;&#10; enable_resource_consumption_metering &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; shielded_nodes &#61; optional&#40;bool, false&#41;&#10; tpu &#61; optional&#40;bool, false&#41;&#10; upgrade_notifications &#61; optional&#40;object&#40;&#123;&#10; topic_id &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; vertical_pod_autoscaling &#61; optional&#40;bool, false&#41;&#10; workload_identity &#61; optional&#40;bool, true&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; workload_identity &#61; true&#10;&#125;">&#123;&#8230;&#125;</code> |
| [issue_client_certificate](variables.tf#L122) | Enable issuing client certificate. | <code>bool</code> | | <code>false</code> |
| [labels](variables.tf#L128) | Cluster resource labels. | <code>map&#40;string&#41;</code> | | <code>null</code> |
| [logging_config](variables.tf#L139) | Logging configuration. | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;SYSTEM_COMPONENTS&#34;&#93;</code> |
| [maintenance_config](variables.tf#L145) | Maintenance window configuration. | <code title="object&#40;&#123;&#10; daily_window_start_time &#61; optional&#40;string&#41;&#10; recurring_window &#61; optional&#40;object&#40;&#123;&#10; start_time &#61; string&#10; end_time &#61; string&#10; recurrence &#61; string&#10; &#125;&#41;&#41;&#10; maintenance_exclusions &#61; optional&#40;list&#40;object&#40;&#123;&#10; name &#61; string&#10; start_time &#61; string&#10; end_time &#61; string&#10; scope &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; daily_window_start_time &#61; &#34;03:00&#34;&#10; recurring_window &#61; null&#10; maintenance_exclusion &#61; &#91;&#93;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [max_pods_per_node](variables.tf#L168) | Maximum number of pods per node in this cluster. | <code>number</code> | | <code>110</code> |
| [min_master_version](variables.tf#L174) | Minimum version of the master, defaults to the version of the most recent official release. | <code>string</code> | | <code>null</code> |
| [monitoring_config](variables.tf#L180) | Monitoring components. | <code title="object&#40;&#123;&#10; enable_components &#61; optional&#40;list&#40;string&#41;&#41;&#10; managed_prometheus &#61; optional&#40;bool&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; enable_components &#61; &#91;&#34;SYSTEM_COMPONENTS&#34;&#93;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [node_locations](variables.tf#L196) | Zones in which the cluster's nodes are located. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [private_cluster_config](variables.tf#L203) | Private cluster configuration. | <code title="object&#40;&#123;&#10; enable_private_endpoint &#61; optional&#40;bool&#41;&#10; master_global_access &#61; optional&#40;bool&#41;&#10; peering_config &#61; optional&#40;object&#40;&#123;&#10; export_routes &#61; optional&#40;bool&#41;&#10; import_routes &#61; optional&#40;bool&#41;&#10; project_id &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [release_channel](variables.tf#L222) | Release channel for GKE upgrades. | <code>string</code> | | <code>null</code> |
| [tags](variables.tf#L228) | Network tags applied to nodes. | <code>list&#40;string&#41;</code> | | <code>null</code> |
| [enable_features](variables.tf#L83) | Enable cluster-level features. Certain features allow configuration. | <code title="object&#40;&#123;&#10; binary_authorization &#61; optional&#40;bool, false&#41;&#10; dns &#61; optional&#40;object&#40;&#123;&#10; provider &#61; optional&#40;string&#41;&#10; scope &#61; optional&#40;string&#41;&#10; domain &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; database_encryption &#61; optional&#40;object&#40;&#123;&#10; state &#61; string&#10; key_name &#61; string&#10; &#125;&#41;&#41;&#10; dataplane_v2 &#61; optional&#40;bool, false&#41;&#10; gateway_api &#61; optional&#40;bool, false&#41;&#10; groups_for_rbac &#61; optional&#40;string&#41;&#10; intranode_visibility &#61; optional&#40;bool, false&#41;&#10; l4_ilb_subsetting &#61; optional&#40;bool, false&#41;&#10; mesh_certificates &#61; optional&#40;bool&#41;&#10; pod_security_policy &#61; optional&#40;bool, false&#41;&#10; resource_usage_export &#61; optional&#40;object&#40;&#123;&#10; dataset &#61; string&#10; enable_network_egress_metering &#61; optional&#40;bool&#41;&#10; enable_resource_consumption_metering &#61; optional&#40;bool&#41;&#10; &#125;&#41;&#41;&#10; shielded_nodes &#61; optional&#40;bool, false&#41;&#10; tpu &#61; optional&#40;bool, false&#41;&#10; upgrade_notifications &#61; optional&#40;object&#40;&#123;&#10; topic_id &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10; vertical_pod_autoscaling &#61; optional&#40;bool, false&#41;&#10; workload_identity &#61; optional&#40;bool, true&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; workload_identity &#61; true&#10;&#125;">&#123;&#8230;&#125;</code> |
| [issue_client_certificate](variables.tf#L121) | Enable issuing client certificate. | <code>bool</code> | | <code>false</code> |
| [labels](variables.tf#L127) | Cluster resource labels. | <code>map&#40;string&#41;</code> | | <code>null</code> |
| [logging_config](variables.tf#L138) | Logging configuration. | <code>list&#40;string&#41;</code> | | <code>&#91;&#34;SYSTEM_COMPONENTS&#34;&#93;</code> |
| [maintenance_config](variables.tf#L144) | Maintenance window configuration. | <code title="object&#40;&#123;&#10; daily_window_start_time &#61; optional&#40;string&#41;&#10; recurring_window &#61; optional&#40;object&#40;&#123;&#10; start_time &#61; string&#10; end_time &#61; string&#10; recurrence &#61; string&#10; &#125;&#41;&#41;&#10; maintenance_exclusions &#61; optional&#40;list&#40;object&#40;&#123;&#10; name &#61; string&#10; start_time &#61; string&#10; end_time &#61; string&#10; scope &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; daily_window_start_time &#61; &#34;03:00&#34;&#10; recurring_window &#61; null&#10; maintenance_exclusion &#61; &#91;&#93;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [max_pods_per_node](variables.tf#L167) | Maximum number of pods per node in this cluster. | <code>number</code> | | <code>110</code> |
| [min_master_version](variables.tf#L173) | Minimum version of the master, defaults to the version of the most recent official release. | <code>string</code> | | <code>null</code> |
| [monitoring_config](variables.tf#L179) | Monitoring components. | <code title="object&#40;&#123;&#10; enable_components &#61; optional&#40;list&#40;string&#41;&#41;&#10; managed_prometheus &#61; optional&#40;bool&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code title="&#123;&#10; enable_components &#61; &#91;&#34;SYSTEM_COMPONENTS&#34;&#93;&#10;&#125;">&#123;&#8230;&#125;</code> |
| [node_locations](variables.tf#L195) | Zones in which the cluster's nodes are located. | <code>list&#40;string&#41;</code> | | <code>&#91;&#93;</code> |
| [private_cluster_config](variables.tf#L202) | Private cluster configuration. | <code title="object&#40;&#123;&#10; enable_private_endpoint &#61; optional&#40;bool&#41;&#10; master_global_access &#61; optional&#40;bool&#41;&#10; peering_config &#61; optional&#40;object&#40;&#123;&#10; export_routes &#61; optional&#40;bool&#41;&#10; import_routes &#61; optional&#40;bool&#41;&#10; project_id &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [release_channel](variables.tf#L221) | Release channel for GKE upgrades. | <code>string</code> | | <code>null</code> |
| [tags](variables.tf#L227) | Network tags applied to nodes. | <code>list&#40;string&#41;</code> | | <code>null</code> |
## Outputs


@ -15,12 +15,6 @@
*/
resource "google_container_cluster" "cluster" {
lifecycle {
ignore_changes = [
node_config[0].boot_disk_kms_key,
node_config[0].spot
]
}
provider = google-beta
project = var.project_id
name = var.name
@ -29,54 +23,39 @@ resource "google_container_cluster" "cluster" {
node_locations = (
length(var.node_locations) == 0 ? null : var.node_locations
)
min_master_version = var.min_master_version
network = var.vpc_config.network
subnetwork = var.vpc_config.subnetwork
resource_labels = var.labels
default_max_pods_per_node = (
var.enable_features.autopilot ? null : var.max_pods_per_node
)
enable_intranode_visibility = (
var.enable_features.autopilot ? null : var.enable_features.intranode_visibility
)
enable_l4_ilb_subsetting = var.enable_features.l4_ilb_subsetting
enable_shielded_nodes = (
var.enable_features.autopilot ? null : var.enable_features.shielded_nodes
)
enable_tpu = var.enable_features.tpu
initial_node_count = 1
remove_default_node_pool = var.enable_features.autopilot ? null : true
min_master_version = var.min_master_version
network = var.vpc_config.network
subnetwork = var.vpc_config.subnetwork
resource_labels = var.labels
default_max_pods_per_node = var.max_pods_per_node
enable_intranode_visibility = var.enable_features.intranode_visibility
enable_l4_ilb_subsetting = var.enable_features.l4_ilb_subsetting
enable_shielded_nodes = var.enable_features.shielded_nodes
enable_tpu = var.enable_features.tpu
initial_node_count = 1
remove_default_node_pool = true
datapath_provider = (
var.enable_features.dataplane_v2 || var.enable_features.autopilot
var.enable_features.dataplane_v2
? "ADVANCED_DATAPATH"
: "DATAPATH_PROVIDER_UNSPECIFIED"
)
enable_autopilot = var.enable_features.autopilot ? true : null
# the default nodepool is deleted here, use the gke-nodepool module instead
# default nodepool configuration based on a shielded_nodes variable
dynamic "node_config" {
for_each = var.enable_features.autopilot ? [] : [""]
content {
dynamic "shielded_instance_config" {
for_each = var.enable_features.shielded_nodes ? [""] : []
content {
enable_secure_boot = true
enable_integrity_monitoring = true
}
node_config {
dynamic "shielded_instance_config" {
for_each = var.enable_features.shielded_nodes ? [""] : []
content {
enable_secure_boot = true
enable_integrity_monitoring = true
}
tags = var.tags
}
tags = var.tags
}
addons_config {
dynamic "dns_cache_config" {
for_each = !var.enable_features.autopilot ? [""] : []
content {
enabled = var.enable_addons.dns_cache
}
dns_cache_config {
enabled = var.enable_addons.dns_cache
}
http_load_balancing {
disabled = !var.enable_addons.http_load_balancing
@ -84,11 +63,8 @@ resource "google_container_cluster" "cluster" {
horizontal_pod_autoscaling {
disabled = !var.enable_addons.horizontal_pod_autoscaling
}
dynamic "network_policy_config" {
for_each = !var.enable_features.autopilot ? [""] : []
content {
disabled = !var.enable_addons.network_policy
}
network_policy_config {
disabled = !var.enable_addons.network_policy
}
cloudrun_config {
disabled = !var.enable_addons.cloudrun
@ -100,17 +76,10 @@ resource "google_container_cluster" "cluster" {
)
}
gce_persistent_disk_csi_driver_config {
enabled = (
var.enable_features.autopilot
? true
: var.enable_addons.gce_persistent_disk_csi_driver
)
enabled = var.enable_addons.gce_persistent_disk_csi_driver
}
dynamic "gcp_filestore_csi_driver_config" {
for_each = !var.enable_features.autopilot ? [""] : []
content {
enabled = var.enable_addons.gcp_filestore_csi_driver
}
gcp_filestore_csi_driver_config {
enabled = var.enable_addons.gcp_filestore_csi_driver
}
kalm_config {
enabled = var.enable_addons.kalm
@ -140,7 +109,7 @@ resource "google_container_cluster" "cluster" {
dynamic "cluster_autoscaling" {
for_each = var.cluster_autoscaling == null ? [] : [""]
content {
enabled = var.enable_features.autopilot ? null : true
enabled = true
dynamic "auto_provisioning_defaults" {
for_each = var.cluster_autoscaling.auto_provisioning_defaults != null ? [""] : []
@ -204,7 +173,7 @@ resource "google_container_cluster" "cluster" {
}
dynamic "logging_config" {
for_each = var.logging_config != null && !var.enable_features.autopilot ? [""] : []
for_each = var.logging_config != null ? [""] : []
content {
enable_components = var.logging_config
}
@ -283,7 +252,7 @@ resource "google_container_cluster" "cluster" {
}
dynamic "monitoring_config" {
for_each = var.monitoring_config != null && !var.enable_features.autopilot ? [""] : []
for_each = var.monitoring_config != null ? [""] : []
content {
enable_components = var.monitoring_config.enable_components
dynamic "managed_prometheus" {
@ -379,11 +348,17 @@ resource "google_container_cluster" "cluster" {
}
dynamic "workload_identity_config" {
for_each = (var.enable_features.workload_identity && !var.enable_features.autopilot) ? [""] : []
for_each = var.enable_features.workload_identity ? [""] : []
content {
workload_pool = "${var.project_id}.svc.id.goog"
}
}
lifecycle {
ignore_changes = [
node_config[0].boot_disk_kms_key,
node_config[0].spot
]
}
}
resource "google_gke_backup_backup_plan" "backup_plan" {


@ -0,0 +1,71 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
output "ca_certificate" {
description = "Public certificate of the cluster (base64-encoded)."
value = google_container_cluster.cluster.master_auth.0.cluster_ca_certificate
sensitive = true
}
output "cluster" {
description = "Cluster resource."
sensitive = true
value = google_container_cluster.cluster
}
output "endpoint" {
description = "Cluster endpoint."
value = google_container_cluster.cluster.endpoint
}
output "id" {
description = "Cluster ID."
value = google_container_cluster.cluster.id
}
output "location" {
description = "Cluster location."
value = google_container_cluster.cluster.location
}
output "master_version" {
description = "Master version."
value = google_container_cluster.cluster.master_version
}
output "name" {
description = "Cluster name."
value = google_container_cluster.cluster.name
}
output "notifications" {
description = "GKE PubSub notifications topic."
value = try(google_pubsub_topic.notifications[0].id, null)
}
output "self_link" {
description = "Cluster self link."
sensitive = true
value = google_container_cluster.cluster.self_link
}
output "workload_identity_pool" {
description = "Workload identity pool."
value = "${var.project_id}.svc.id.goog"
depends_on = [
google_container_cluster.cluster
]
}
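Review bot: `output "ca_certificate"` reads `master_auth.0.cluster_ca_certificate` with the legacy dotted-index attribute syntax; the form current Terraform documents is `google_container_cluster.cluster.master_auth[0].cluster_ca_certificate`, and using it keeps the new file consistent with the `[0]` indexing already used in `try(google_pubsub_topic.notifications[0].id, null)` a few lines below. Separately, `output "workload_identity_pool"` returns `"${var.project_id}.svc.id.goog"` unconditionally, so a consumer cannot tell from the output whether the pool is actually configured on the cluster; if this module exposes a toggle for workload identity (the standard module does, via `var.enable_features.workload_identity`), consider `value = var.enable_features.workload_identity ? "${var.project_id}.svc.id.goog" : null`. I cannot see this module's variables on this page, so the toggle name is an assumption; if the cluster type always has workload identity on, the unconditional value is fine and a short comment saying so would help the reader.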


@ -83,7 +83,6 @@ variable "enable_addons" {
variable "enable_features" {
description = "Enable cluster-level features. Certain features allow configuration."
type = object({
autopilot = optional(bool, false)
binary_authorization = optional(bool, false)
dns = optional(object({
provider = optional(string)


@ -4,10 +4,28 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
terraform {
required_version = ">= 1.4.4"
required_providers {
google = {
source = "hashicorp/google"
version = ">= 4.60.0" # tftest
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 4.60.0" # tftest
}
}
}


@ -46,7 +46,7 @@ module "vpc" {
}
module "cluster_1" {
source = "./fabric/modules/gke-cluster"
source = "./fabric/modules/gke-cluster-standard"
project_id = module.project.project_id
name = "cluster-1"
location = "europe-west1"
@ -54,7 +54,7 @@ module "cluster_1" {
network = module.vpc.self_link
subnetwork = module.vpc.subnet_self_links["europe-west1/cluster-1"]
master_authorized_ranges = {
fc1918_10_8 = "10.0.0.0/8"
rfc1918_10_8 = "10.0.0.0/8"
}
master_ipv4_cidr_block = "192.168.0.0/28"
}
@ -119,7 +119,7 @@ module "hub" {
}
}
# tftest modules=4 resources=16
# tftest modules=4 resources=16 inventory=full.yaml
```
## Multi-cluster mesh on GKE
@ -212,7 +212,7 @@ module "firewall" {
}
module "cluster_1" {
source = "./fabric/modules/gke-cluster"
source = "./fabric/modules/gke-cluster-standard"
project_id = module.project.project_id
name = "cluster-1"
location = "europe-west1"
@ -253,7 +253,7 @@ module "cluster_1_nodepool" {
}
module "cluster_2" {
source = "./fabric/modules/gke-cluster"
source = "./fabric/modules/gke-cluster-standard"
project_id = module.project.project_id
name = "cluster-2"
location = "europe-west4"


@ -56,7 +56,7 @@ module "kms" {
key-c = { rotation_period = null, labels = { env = "test" } }
}
}
# tftest modules=1 resources=9
# tftest modules=1 resources=9 inventory=basic.yaml
```
### Crypto key purpose


@ -11,12 +11,12 @@ module "addresses" {
source = "./fabric/modules/net-address"
project_id = var.project_id
external_addresses = {
nat-1 = var.region
vpn-remote = var.region
one = "europe-west1"
two = "europe-west2"
}
global_addresses = ["app-1", "app-2"]
}
# tftest modules=1 resources=4
# tftest modules=1 resources=4 inventory=external.yaml
```
### Internal addresses
@ -38,7 +38,7 @@ module "addresses" {
}
}
}
# tftest modules=1 resources=2
# tftest modules=1 resources=2 inventory=internal.yaml
```
### PSA addresses
@ -55,7 +55,7 @@ module "addresses" {
}
}
}
# tftest modules=1 resources=1
# tftest modules=1 resources=1 inventory=psa.yaml
```
### PSC addresses
@ -75,7 +75,7 @@ module "addresses" {
}
}
}
# tftest modules=1 resources=2
# tftest modules=1 resources=2 inventory=psc.yaml
```
<!-- BEGIN TFDOC -->


@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


@ -143,6 +143,7 @@ def plan_summary_fixture(request):
**tf_vars):
if basedir is None:
basedir = Path(request.fspath).parent
print(f"{basedir=}")
return plan_summary(module_path=module_path, basedir=basedir,
tf_var_files=tf_var_files, extra_files=extra_files,
**tf_vars)
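Review bot: The `print(f"{basedir=}")` inserted before the `plan_summary(...)` call looks like leftover debugging output; it runs on every fixture invocation and either clutters the test log or is swallowed by pytest's capture, so it adds noise without adding an assertion. Either drop the line or route it through the logging module, e.g. `logging.getLogger(__name__).debug("basedir=%s", basedir)`, which requires `import logging` in the file's import block (outside this hunk). `plan_summary_fixture` and its inner function begin outside the hunk.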


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -28,74 +28,6 @@ import tftest
BASEDIR = os.path.dirname(os.path.dirname(__file__))
@pytest.fixture(scope='session')
def _plan_runner():
'Return a function to run Terraform plan on a fixture.'
def run_plan(fixture_path=None, extra_files=None, tf_var_file=None,
targets=None, refresh=True, tmpdir=True, **tf_vars):
'Run Terraform plan and returns parsed output.'
if fixture_path is None:
# find out the fixture directory from the caller's directory
caller = inspect.stack()[2]
fixture_path = os.path.join(os.path.dirname(caller.filename), 'fixture')
fixture_parent = os.path.dirname(fixture_path)
fixture_prefix = os.path.basename(fixture_path) + '_'
with tempfile.TemporaryDirectory(prefix=fixture_prefix,
dir=fixture_parent) as tmp_path:
# copy fixture to a temporary directory so we can execute
# multiple tests in parallel
if tmpdir:
shutil.copytree(fixture_path, tmp_path, dirs_exist_ok=True)
tf = tftest.TerraformTest(tmp_path if tmpdir else fixture_path, BASEDIR,
os.environ.get('TERRAFORM', 'terraform'))
tf.setup(extra_files=extra_files, upgrade=True)
plan = tf.plan(output=True, refresh=refresh, tf_var_file=tf_var_file,
tf_vars=tf_vars, targets=targets)
return plan
return run_plan
@pytest.fixture(scope='session')
def plan_runner(_plan_runner):
'Return a function to run Terraform plan on a module fixture.'
def run_plan(fixture_path=None, extra_files=None, tf_var_file=None,
targets=None, **tf_vars):
'Run Terraform plan and returns plan and module resources.'
plan = _plan_runner(fixture_path, extra_files=extra_files,
tf_var_file=tf_var_file, targets=targets, **tf_vars)
# skip the fixture
root_module = plan.root_module['child_modules'][0]
return plan, root_module['resources']
return run_plan
@pytest.fixture(scope='session')
def e2e_plan_runner(_plan_runner):
'Return a function to run Terraform plan on an end-to-end fixture.'
def run_plan(fixture_path=None, tf_var_file=None, targets=None, refresh=True,
include_bare_resources=False, **tf_vars):
'Run Terraform plan on an end-to-end module using defaults, returns data.'
plan = _plan_runner(fixture_path, tf_var_file=tf_var_file, targets=targets,
refresh=refresh, **tf_vars)
# skip the fixture
root_module = plan.root_module['child_modules'][0]
modules = dict((mod['address'], mod['resources'])
for mod in root_module['child_modules'])
resources = [r for m in modules.values() for r in m]
if include_bare_resources:
bare_resources = root_module['resources']
resources.extend(bare_resources)
return modules, resources
return run_plan
@pytest.fixture(scope='session')
def apply_runner():
'Return a function to run Terraform apply on a fixture.'


@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


@ -0,0 +1,83 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_apigee_endpoint_attachment.endpoint_attachments["endpoint-backend-1"]:
endpoint_attachment_id: endpoint-backend-1
location: europe-west1
service_attachment: projects/my-project-1/serviceAttachments/gkebackend1
google_apigee_endpoint_attachment.endpoint_attachments["endpoint-backend-2"]:
endpoint_attachment_id: endpoint-backend-2
location: europe-west1
service_attachment: projects/my-project-2/serviceAttachments/gkebackend2
google_apigee_envgroup.envgroups["prod"]:
hostnames:
- prod.example.com
name: prod
google_apigee_envgroup.envgroups["test"]:
hostnames:
- test.example.com
name: test
google_apigee_envgroup_attachment.envgroup_attachments["apis-prod-prod"]:
environment: apis-prod
google_apigee_envgroup_attachment.envgroup_attachments["apis-test-test"]:
environment: apis-test
google_apigee_environment.environments["apis-prod"]:
description: APIs prod
display_name: APIs prod
name: apis-prod
google_apigee_environment.environments["apis-test"]:
description: APIs Test
display_name: APIs test
name: apis-test
google_apigee_environment_iam_binding.binding["apis-prod-roles/viewer"]:
condition: []
env_id: apis-prod
members:
- group:devops@myorg.com
role: roles/viewer
google_apigee_instance.instances["instance-prod-ew3"]:
description: Terraform-managed
disk_encryption_key_name: null
display_name: null
ip_range: 10.0.6.0/22,10.1.0.16/28
location: europe-west3
name: instance-prod-ew3
google_apigee_instance.instances["instance-test-ew1"]:
description: Terraform-managed
disk_encryption_key_name: null
display_name: null
ip_range: 10.0.4.0/22,10.1.0.0/28
location: europe-west1
name: instance-test-ew1
google_apigee_organization.organization[0]:
analytics_region: europe-west1
authorized_network: my-vpc
billing_type: Pay-as-you-go
description: null
display_name: null
project_id: my-project
retention: DELETION_RETENTION_UNSPECIFIED
runtime_database_encryption_key_name: '123456789'
runtime_type: CLOUD
counts:
google_apigee_endpoint_attachment: 2
google_apigee_envgroup: 2
google_apigee_envgroup_attachment: 2
google_apigee_environment: 2
google_apigee_environment_iam_binding: 1
google_apigee_instance: 2
google_apigee_instance_attachment: 2
google_apigee_organization: 1
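Review bot: `billing_type: Pay-as-you-go` under `google_apigee_organization.organization[0]` differs from the `billing_type: PAYG` expected in the no_instances and organization_only inventories added in this same commit; if the fixtures are meant to share one organization definition, one of the two expectations is stale. These inventories only compare plan output against the fixture's tfvars, so a value the Apigee API rejects would still pass the test and fail only at apply time, which argues for keeping the fixture and expectation on the API's enum form. I cannot see the tfvars on this page, so the divergence may be intentional; if so, a short comment above the `billing_type` line explaining why the two fixtures differ would save the next reader the same question.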


@ -0,0 +1,23 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_apigee_endpoint_attachment.endpoint_attachments["endpoint-backend-1"]:
endpoint_attachment_id: endpoint-backend-1
location: europe-west1
org_id: organizations/my-project
service_attachment: projects/my-project-1/serviceAttachments/gkebackend1
counts:
google_apigee_endpoint_attachment: 1


@ -0,0 +1,32 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_apigee_envgroup_attachment.envgroup_attachments["apis-test-test"]:
envgroup_id: test
environment: apis-test
timeouts: null
google_apigee_environment.environments["apis-test"]:
description: APIs Test
display_name: APIs test
name: apis-test
node_config:
- max_node_count: '5'
min_node_count: '2'
org_id: organizations/my-project
timeouts: null
counts:
google_apigee_envgroup_attachment: 1
google_apigee_environment: 1


@ -0,0 +1,31 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_apigee_envgroup_attachment.envgroup_attachments["apis-test-test"]:
envgroup_id: test
environment: apis-test
google_apigee_environment.environments["apis-test"]:
api_proxy_type: PROGRAMMABLE
description: APIs Test
display_name: APIs test
name: apis-test
node_config:
- max_node_count: '5'
min_node_count: '2'
org_id: organizations/my-project
counts:
google_apigee_envgroup_attachment: 1
google_apigee_environment: 1


@ -0,0 +1,34 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_apigee_envgroup_attachment.envgroup_attachments["apis-test-test"]:
envgroup_id: test
environment: apis-test
timeouts: null
google_apigee_environment.environments["apis-test"]:
deployment_type: ARCHIVE
description: APIs Test
display_name: APIs test
name: apis-test
node_config:
- max_node_count: '5'
min_node_count: '2'
org_id: organizations/my-project
timeouts: null
counts:
google_apigee_envgroup_attachment: 1
google_apigee_environment: 1


@ -13,8 +13,11 @@
# limitations under the License.
values:
module.cluster-autopilot.google_container_cluster.cluster:
enable_autopilot: true
google_apigee_envgroup.envgroups["test"]:
hostnames:
- test.example.com
name: test
org_id: organizations/my-project
counts:
google_container_cluster: 1
google_apigee_envgroup: 1


@ -1,25 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/apigee"
project_id = var.project_id
organization = var.organization
envgroups = var.envgroups
environments = var.environments
instances = var.instances
endpoint_attachments = var.endpoint_attachments
}


@ -1,81 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "endpoint_attachments" {
description = "Endpoint attachments."
type = map(object({
region = string
service_attachment = string
}))
default = null
}
variable "envgroups" {
description = "Environment groups (NAME => [HOSTNAMES])."
type = map(list(string))
default = null
}
variable "environments" {
description = "Environments."
type = map(object({
display_name = optional(string)
description = optional(string, "Terraform-managed")
deployment_type = optional(string)
api_proxy_type = optional(string)
node_config = optional(object({
min_node_count = optional(number)
max_node_count = optional(number)
}))
iam = optional(map(list(string)))
envgroups = list(string)
}))
default = null
}
variable "instances" {
description = "Instances."
type = map(object({
display_name = optional(string)
description = optional(string, "Terraform-managed")
region = string
environments = list(string)
runtime_ip_cidr_range = string
troubleshooting_ip_cidr_range = string
disk_encryption_key = optional(string)
consumer_accept_list = optional(list(string))
}))
default = null
}
variable "organization" {
description = "Apigee organization. If set to null the organization must already exist."
type = object({
display_name = optional(string)
description = optional(string, "Terraform-managed")
authorized_network = optional(string)
runtime_type = optional(string, "CLOUD")
billing_type = optional(string)
database_encryption_key = optional(string)
analytics_region = optional(string, "europe-west1")
})
default = null
}
variable "project_id" {
description = "Project ID."
type = string
}


@ -0,0 +1,26 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_apigee_instance.instances["instance-test-ew1"]:
ip_range: 10.0.4.0/22,10.1.1.0.0/28
location: europe-west1
name: instance-test-ew1
org_id: organizations/my-project
google_apigee_instance_attachment.instance_attachments["instance-test-ew1-apis-test"]:
environment: organizations/my-project/environments/apis-test
counts:
google_apigee_instance: 1
google_apigee_instance_attachment: 1
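Review bot: `ip_range: 10.0.4.0/22,10.1.1.0.0/28` under `google_apigee_instance.instances["instance-test-ew1"]` contains a five-octet address, `10.1.1.0.0/28`, which is not a valid CIDR; the same instance in the all inventory expects `10.1.0.0/28`. Because the test only checks that the plan matches this file, a matching typo in the fixture's tfvars would let the test pass while the API rejects the value at apply time. The expectation should read `ip_range: 10.0.4.0/22,10.1.0.0/28`, and the fixture's tfvars (not visible on this page) should be checked for the same typo.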


@ -0,0 +1,51 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_apigee_envgroup.envgroups["prod"]:
hostnames:
- prod.example.com
name: prod
google_apigee_envgroup.envgroups["test"]:
hostnames:
- test.example.com
name: test
google_apigee_envgroup_attachment.envgroup_attachments["apis-prod-prod"]:
environment: apis-prod
google_apigee_envgroup_attachment.envgroup_attachments["apis-test-test"]:
environment: apis-test
google_apigee_environment.environments["apis-prod"]:
description: APIs prod
display_name: APIs prod
name: apis-prod
google_apigee_environment.environments["apis-test"]:
description: APIs Test
display_name: APIs test
name: apis-test
google_apigee_organization.organization[0]:
analytics_region: europe-west1
authorized_network: my-vpc
billing_type: PAYG
description: null
display_name: null
project_id: my-project
retention: DELETION_RETENTION_UNSPECIFIED
runtime_database_encryption_key_name: '123456789'
runtime_type: CLOUD
counts:
google_apigee_envgroup: 2
google_apigee_envgroup_attachment: 2
google_apigee_environment: 2
google_apigee_organization: 1


@ -0,0 +1,28 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_apigee_organization.organization[0]:
analytics_region: europe-west1
authorized_network: my-vpc
billing_type: PAYG
description: null
display_name: null
project_id: my-project
retention: DELETION_RETENTION_UNSPECIFIED
runtime_database_encryption_key_name: '123456789'
runtime_type: CLOUD
counts:
google_apigee_organization: 1


@ -1,95 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import collections
def test_all(plan_runner):
"Test that creates all resources."
_, resources = plan_runner(tf_var_file='test.all.tfvars')
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
assert counts == {
'google_apigee_organization.organization': 1,
'google_apigee_envgroup.envgroups': 2,
'google_apigee_environment.environments': 2,
'google_apigee_envgroup_attachment.envgroup_attachments': 2,
'google_apigee_instance.instances': 2,
'google_apigee_instance_attachment.instance_attachments': 2,
'google_apigee_endpoint_attachment.endpoint_attachments': 2,
'google_apigee_environment_iam_binding.binding': 1
}
def test_organization_only(plan_runner):
"Test that creates only an organization."
_, resources = plan_runner(tf_var_file='test.organization_only.tfvars')
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
assert counts == {
'google_apigee_organization.organization': 1
}
def test_envgroup_only(plan_runner):
"Test that creates only an environment group in an existing organization."
_, resources = plan_runner(tf_var_file='test.envgroup_only.tfvars')
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
assert counts == {
'google_apigee_envgroup.envgroups': 1,
}
def test_env_only(plan_runner):
"Test that creates an environment in an existing environment group."
_, resources = plan_runner(tf_var_file='test.env_only.tfvars')
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
assert counts == {
'google_apigee_environment.environments': 1,
'google_apigee_envgroup_attachment.envgroup_attachments': 1,
}
def test_env_only_with_deployment_type(plan_runner):
"Test that creates an environment in an existing environment group, with deployment_type set."
_, resources = plan_runner(tf_var_file='test.env_only_with_deployment_type.tfvars')
assert [r['values'].get('deployment_type') for r in resources
] == [None, 'ARCHIVE']
def test_env_only_with_api_proxy_type(plan_runner):
"Test that creates an environment in an existing environment group, with api_proxy_type set."
_, resources = plan_runner(tf_var_file='test.env_only_with_api_proxy_type.tfvars')
assert [r['values'].get('api_proxy_type') for r in resources
] == [None, 'PROGRAMMABLE']
def test_instance_only(plan_runner):
"Test that creates only an instance."
_, resources = plan_runner(tf_var_file='test.instance_only.tfvars')
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
assert counts == {
'google_apigee_instance.instances': 1,
'google_apigee_instance_attachment.instance_attachments': 1
}
def test_endpoint_attachment_only(plan_runner):
"Test that creates only an instance."
_, resources = plan_runner(tf_var_file='test.endpoint_attachment_only.tfvars')
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
assert counts == {
'google_apigee_endpoint_attachment.endpoint_attachments': 1,
}
def test_no_instances(plan_runner):
"Test that creates everything but the instances."
_, resources = plan_runner(tf_var_file='test.no_instances.tfvars')
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
assert counts == {
'google_apigee_organization.organization': 1,
'google_apigee_envgroup.envgroups': 2,
'google_apigee_environment.environments': 2,
'google_apigee_envgroup_attachment.envgroup_attachments': 2,
}


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -12,13 +12,15 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import pytest
module: modules/apigee
@pytest.fixture
def resources(plan_runner):
_, resources = plan_runner()
return resources
def test_resource_count(resources):
"Test number of resources created."
assert len(resources) == 4
tests:
all:
endpoint_attachment_only:
env_only:
env_only_with_api_proxy_type:
env_only_with_deployment_type:
envgroup_only:
instance_only:
no_instances:
organization_only:
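Review bot: Every entry under `tests:` (`all:` through `organization_only:`) is a bare key with no value, which a YAML parser yields as null rather than as an empty mapping; a harness that iterates the entries expecting a dict per test has to special-case null, and yamllint's `empty-values` rule flags the form. Writing `all: {}` (and likewise for the other entries) states the intent explicitly, or the harness's documentation should say that a null entry means "use the fixture defaults". I cannot see the harness on this page, so it may already accept null.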


@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


@ -0,0 +1,29 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bigquery-dataset.google_bigquery_dataset.default:
dataset_id: my-dataset
project: my-project
module.bigquery-dataset.google_bigquery_dataset_iam_binding.bindings["roles/bigquery.dataOwner"]:
condition: []
dataset_id: my-dataset
members:
- user:user1@example.org
project: my-project
role: roles/bigquery.dataOwner
counts:
google_bigquery_dataset: 1
google_bigquery_dataset_iam_binding: 1


@ -0,0 +1,25 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bigquery-dataset.google_bigquery_dataset.default:
dataset_id: my-dataset
default_partition_expiration_ms: null
default_table_expiration_ms: 3600000
delete_contents_on_destroy: false
location: EU
project: my-project
counts:
google_bigquery_dataset: 1


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -12,14 +12,17 @@
# See the License for the specific language governing permissions and
# limitations under the License.
def test_resources(plan_runner):
"Test module resources."
_, resources = plan_runner()
assert sorted(r['type'] for r in resources) == [
'google_kms_crypto_key',
'google_kms_crypto_key',
'google_kms_crypto_key',
'google_kms_crypto_key_iam_binding',
'google_kms_key_ring',
'google_kms_key_ring_iam_binding'
]
values:
module.bigquery-dataset.google_bigquery_dataset.default:
dataset_id: my-dataset
location: EU
project: my-project
module.bigquery-dataset.google_bigquery_table.default["table_a"]:
time_partitioning:
- field: null
require_partition_filter: null
type: DAY
counts:
google_bigquery_dataset: 1
google_bigquery_table: 1


@ -0,0 +1,46 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bigquery-dataset.google_bigquery_dataset.default:
dataset_id: my-dataset
description: Terraform managed.
location: EU
project: my-project
module.bigquery-dataset.google_bigquery_dataset_access.group_by_email["reader-group"]:
dataset_id: my-dataset
group_by_email: playground-test@ludomagno.net
project: my-project
role: READER
module.bigquery-dataset.google_bigquery_dataset_access.special_group["project_owners"]:
dataset_id: my-dataset
project: my-project
role: OWNER
special_group: projectOwners
module.bigquery-dataset.google_bigquery_dataset_access.user_by_email["owner"]:
dataset_id: my-dataset
project: my-project
role: OWNER
user_by_email: ludo@ludomagno.net
module.bigquery-dataset.google_bigquery_dataset_access.views["view_1"]:
dataset_id: my-dataset
project: my-project
view:
- dataset_id: my-dataset
project_id: my-project
table_id: my-table
counts:
google_bigquery_dataset: 1
google_bigquery_dataset_access: 4
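Review bot: The access fixture records what look like real personal addresses on a personal domain (`group_by_email: playground-test@ludomagno.net`, `user_by_email: ludo@ludomagno.net`), whereas the sibling bigquery inventory in this commit uses the reserved `example.org` for its IAM member. An inventory only has to match the README example it is generated from, so switching both to reserved addresses such as `reader-group@example.org` and `owner@example.org` keeps personal identifiers out of the repository and out of every plan output the test suite prints. The README example that feeds this inventory is outside this hunk and would presumably need the same change.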


@ -0,0 +1,39 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bigquery-dataset.google_bigquery_dataset.default:
dataset_id: my_dataset
project: my-project
module.bigquery-dataset.google_bigquery_table.default["countries"]:
clustering: null
dataset_id: my_dataset
deletion_protection: true
description: Terraform managed.
friendly_name: Countries
materialized_view: []
project: my-project
range_partitioning: []
schema: '[{"name":"country","type":"STRING"},{"name":"population","type":"INT64"}]'
table_id: countries
time_partitioning: []
view: []
counts:
google_bigquery_dataset: 1
google_bigquery_table: 1
modules: 1
resources: 2
outputs: {}


@ -0,0 +1,35 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bigquery-dataset.google_bigquery_dataset.default:
dataset_id: my_dataset
location: EU
project: my-project
module.bigquery-dataset.google_bigquery_table.default["countries"]:
dataset_id: my_dataset
friendly_name: Countries
module.bigquery-dataset.google_bigquery_table.views["population"]:
dataset_id: my_dataset
deletion_protection: true
friendly_name: Population
project: my-project
table_id: population
view:
- query: SELECT SUM(population) FROM my_dataset.countries
use_legacy_sql: false
counts:
google_bigquery_dataset: 1
google_bigquery_table: 2


@ -1,21 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/bigquery-dataset"
project_id = "my-project"
id = "test"
}


@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


@ -0,0 +1,58 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.budget.google_billing_budget.budget:
all_updates_rule:
- disable_default_iam_recipients: false
pubsub_topic: null
schema_version: '1.0'
amount:
- last_period_amount: null
specified_amount:
- nanos: null
units: '100'
billing_account: 123456-123456-123456
budget_filter:
- calendar_period: null
credit_types_treatment: INCLUDE_ALL_CREDITS
custom_period: []
projects:
- projects/123456789000
- projects/123456789111
display_name: $100 budget
threshold_rules:
- spend_basis: CURRENT_SPEND
threshold_percent: 0.5
- spend_basis: CURRENT_SPEND
threshold_percent: 0.75
- spend_basis: CURRENT_SPEND
threshold_percent: 1
- spend_basis: FORECASTED_SPEND
threshold_percent: 1
module.budget.google_monitoring_notification_channel.email_channels["user@example.com"]:
description: null
display_name: $100 budget budget email notification (user@example.com)
enabled: true
force_delete: false
labels:
email_address: user@example.com
project: my-project
sensitive_labels: []
type: email
user_labels: null
counts:
google_billing_budget: 1
google_monitoring_notification_channel: 1


@ -0,0 +1,39 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.budget.google_billing_budget.budget:
all_updates_rule:
- disable_default_iam_recipients: false
monitoring_notification_channels: []
pubsub_topic: projects/project-id/topics/budget-topic
schema_version: '1.0'
amount:
- last_period_amount: true
specified_amount: []
billing_account: 123456-123456-123456
budget_filter:
- calendar_period: null
credit_types_treatment: INCLUDE_ALL_CREDITS
custom_period: []
projects: null
display_name: previous period budget
threshold_rules:
- spend_basis: CURRENT_SPEND
threshold_percent: 1
timeouts: null
counts:
google_billing_budget: 1
google_pubsub_topic: 1


@ -1,30 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "budget" {
source = "../../../../modules/billing-budget"
billing_account = "123456-123456-123456"
name = "my budget"
projects = var.projects
services = var.services
notify_default_recipients = var.notify_default_recipients
amount = var.amount
credit_treatment = var.credit_treatment
pubsub_topic = var.pubsub_topic
notification_channels = var.notification_channels
thresholds = var.thresholds
email_recipients = var.email_recipients
}


@ -1,69 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "amount" {
type = number
default = 0
}
variable "credit_treatment" {
type = string
default = "INCLUDE_ALL_CREDITS"
}
variable "email_recipients" {
type = object({
project_id = string
emails = list(string)
})
default = null
}
variable "notification_channels" {
type = list(string)
default = null
}
variable "notify_default_recipients" {
type = bool
default = false
}
variable "projects" {
type = list(string)
default = null
}
variable "pubsub_topic" {
type = string
default = null
}
variable "services" {
type = list(string)
default = null
}
variable "thresholds" {
type = object({
current = list(number)
forecasted = list(number)
})
default = {
current = [0.5, 1.0]
forecasted = [1.0]
}
}


@ -1,63 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_pubsub(plan_runner):
"Test number of resources created."
_, resources = plan_runner(pubsub_topic='topic')
assert len(resources) == 1
resource = resources[0]
assert resource['values']['all_updates_rule'] == [
{'disable_default_iam_recipients': False,
'monitoring_notification_channels': [],
'pubsub_topic': 'topic',
'schema_version': '1.0'}
]
def test_channel(plan_runner):
_, resources = plan_runner(notification_channels='["channel"]')
assert len(resources) == 1
resource = resources[0]
assert resource['values']['all_updates_rule'] == [
{'disable_default_iam_recipients': True,
'monitoring_notification_channels': ['channel'],
'pubsub_topic': None,
'schema_version': '1.0'}
]
def test_emails(plan_runner):
email_recipients = '{project_id = "project", emails = ["a@b.com", "c@d.com"]}'
_, resources = plan_runner(email_recipients=email_recipients)
assert len(resources) == 3
def test_absolute_amount(plan_runner):
"Test absolute amount budget."
_, resources = plan_runner(pubsub_topic='topic', amount="100")
assert len(resources) == 1
resource = resources[0]
amount = resource['values']['amount'][0]
assert amount['last_period_amount'] is None
assert amount['specified_amount'] == [{'nanos': None, 'units': '100'}]
assert resource['values']['threshold_rules'] == [
{'spend_basis': 'CURRENT_SPEND',
'threshold_percent': 0.5},
{'spend_basis': 'CURRENT_SPEND',
'threshold_percent': 1},
{'spend_basis': 'FORECASTED_SPEND',
'threshold_percent': 1}
]


@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


@ -1,23 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/binauthz"
project_id = var.project_id
global_policy_evaluation_mode = var.global_policy_evaluation_mode
default_admission_rule = var.default_admission_rule
attestors_config = var.attestors_config
}


@ -1,103 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "project_id" {
type = string
default = "my_project"
}
variable "global_policy_evaluation_mode" {
type = string
default = null
}
variable "admission_whitelist_patterns" {
type = list(string)
default = [
"gcr.io/google_containers/*"
]
}
variable "default_admission_rule" {
type = object({
evaluation_mode = string
enforcement_mode = string
attestors = list(string)
})
default = {
evaluation_mode = "ALWAYS_ALLOW"
enforcement_mode = "ENFORCED_BLOCK_AND_AUDIT_LOG"
attestors = null
}
}
variable "cluster_admission_rules" {
type = map(object({
evaluation_mode = string
enforcement_mode = string
attestors = list(string)
}))
default = {
"europe-west1-c.cluster" = {
evaluation_mode = "REQUIRE_ATTESTATION"
enforcement_mode = "ENFORCED_BLOCK_AND_AUDIT_LOG"
attestors = ["test"]
}
}
}
variable "attestors_config" {
description = "Attestors configuration"
type = map(object({
note_reference = string
iam = map(list(string))
pgp_public_keys = list(string)
pkix_public_keys = list(object({
id = string
public_key_pem = string
signature_algorithm = string
}))
}))
default = {
"test" : {
note_reference = null
pgp_public_keys = [
<<EOT
mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl
bB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0
oR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6
V39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD
Mpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX
83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y
IiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L
uY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6
0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC
51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U
WTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h
MAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l
+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1
qoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg
=6Bvm
EOT
]
pkix_public_keys = null
iam = {
"roles/viewer" = ["user:user1@my_org.com"]
}
}
}
}


@ -0,0 +1,11 @@
project_id = "my-project"
name = "test"
bucket_name = "mybucket"
bundle_config = {
source_dir = "../../tests/modules/cloud_function/bundle"
output_path = "bundle.zip"
excludes = null
}
iam = {
"roles/cloudfunctions.invoker" = ["allUsers"]
}


@ -0,0 +1,12 @@
project_id = "my-project"
name = "test"
bucket_name = var.bucket_name
v2 = var.v2
bundle_config = {
source_dir = "bundle"
output_path = "bundle.zip"
excludes = null
}
iam = {
"roles/cloudfunctions.invoker" = ["allUsers"]
}
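Review bot: `bucket_name = var.bucket_name` and `v2 = var.v2` reference input variables, which Terraform does not accept inside a tfvars file (values there must be literals), so if this file is passed via `-var-file` the plan fails before any assertion runs. The preceding fixture in this commit uses a literal `bucket_name = "mybucket"` and sets no `v2`, which is what the `plan_summary(..., tf_var_files=['common.tfvars'], v2=v2)` call in the test module expects. If the harness instead splices these lines into a generated module block rather than loading them as tfvars, a leading comment such as `# consumed by the test harness as module arguments, not as a tfvars file` would stop the next reader from "fixing" it.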


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -16,29 +16,28 @@ import pytest
@pytest.fixture
def resources(plan_runner, version):
def resources(plan_summary, version):
# convert `version` to a boolean suitable for the `v2` variable
v2 = {'v1': 'false', 'v2': 'true'}[version]
_, resources = plan_runner(v2=v2)
return resources
summary = plan_summary('modules/cloud-function',
tf_var_files=['common.tfvars'], v2=v2)
return summary
@pytest.mark.parametrize('version', ['v1', 'v2'])
def test_resource_count(resources):
"Test number of resources created."
assert len(resources) == 3
assert resources.counts['resources'] == 3
@pytest.mark.parametrize('version', ['v1', 'v2'])
def test_iam(resources, version):
"Test IAM binding resources."
types = {
type = {
'v1': 'google_cloudfunctions_function_iam_binding',
'v2': 'google_cloudfunctions2_function_iam_binding'
}
bindings = [r['values'] for r in resources if r['type'] == types[version]]
assert len(bindings) == 1
assert bindings[0]['role'] == 'roles/cloudfunctions.invoker'
assert bindings[0]['members'] == ['allUsers']
}[version]
key = f'{type}.default["roles/cloudfunctions.invoker"]'
binding = resources.values[key]
assert binding['role'] == 'roles/cloudfunctions.invoker'
assert binding['members'] == ['allUsers']
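Review bot: `type = {...}[version]` in test_iam rebinds the `type` builtin for the rest of the function; a name such as `binding_type` reads better and avoids surprises if a later assertion needs `type()`. The fixture is still named `resources` although it now returns the object from `plan_summary`, and `test_resource_count` reads `resources.counts['resources']`; renaming the fixture to `summary` (and the test parameters with it) would make `assert summary.counts['resources'] == 3` self-explanatory. The fixture's comment `# convert version to a boolean suitable for the v2 variable` is kept, but a one-line docstring on the fixture stating that it returns a plan summary for `modules/cloud-function` with `common.tfvars` applied would document the new contract.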


@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


@ -0,0 +1,37 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.nginx-mig.google_compute_autoscaler.default[0]:
autoscaling_policy:
- cooldown_period: 30
cpu_utilization:
- predictive_method: NONE
target: 0.65
load_balancing_utilization: []
max_replicas: 3
metric: []
min_replicas: 1
mode: 'ON'
scale_in_control: []
scaling_schedules: []
name: mig-test
project: my-project
timeouts: null
zone: europe-west1-b
counts:
google_compute_autoscaler: 1
google_compute_instance_group_manager: 1
google_compute_instance_template: 1


@ -0,0 +1,43 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.nginx-mig.google_compute_health_check.default[0]:
check_interval_sec: 5
grpc_health_check: []
healthy_threshold: 2
http2_health_check: []
http_health_check:
- host: null
port: 80
port_name: null
port_specification: null
proxy_header: NONE
request_path: /
response: null
https_health_check: []
log_config:
- enable: true
name: mig-test
project: my-project
ssl_health_check: []
tcp_health_check: []
timeout_sec: 5
timeouts: null
unhealthy_threshold: 2
counts:
google_compute_health_check: 1
google_compute_instance_group_manager: 1
google_compute_instance_template: 1


@ -0,0 +1,25 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.nginx-mig.google_compute_instance_group_manager.default[0]:
base_instance_name: mig-test
name: mig-test
project: my-project
target_size: 2
zone: europe-west1-b
counts:
google_compute_instance_group_manager: 1
google_compute_instance_template: 1


@ -0,0 +1,37 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.nginx-mig.google_compute_per_instance_config.default["instance-1"]:
minimal_action: NONE
most_disruptive_allowed_action: REPLACE
name: instance-1
preserved_state:
- disk:
- delete_rule: NEVER
device_name: persistent-disk-1
mode: READ_WRITE
source: test-disk
metadata:
foo: bar
project: my-project
remove_instance_state_on_destroy: false
timeouts: null
zone: europe-west1-b
counts:
google_compute_autoscaler: 1
google_compute_instance_group_manager: 1
google_compute_instance_template: 1
google_compute_per_instance_config: 1


@ -1,41 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# Used in stateful disk test
resource "google_compute_disk" "default" {
name = "test-disk"
type = "pd-ssd"
zone = "europe-west1-c"
image = "debian-9-stretch-v20200805"
physical_block_size_bytes = 4096
}
module "test" {
source = "../../../../modules/compute-mig"
project_id = "my-project"
name = "test-mig"
target_size = 2
default_version_name = "foo"
instance_template = "foo-template"
location = var.location
autoscaler_config = var.autoscaler_config
health_check_config = var.health_check_config
named_ports = var.named_ports
stateful_config = var.stateful_config
stateful_disks = var.stateful_disks
update_policy = var.update_policy
versions = var.versions
}


@ -1,95 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "all_instances_config" {
type = any
default = null
}
variable "auto_healing_policies" {
type = any
default = null
}
variable "autoscaler_config" {
type = any
default = null
}
variable "default_version_name" {
type = any
default = "default"
}
variable "description" {
type = any
default = "Terraform managed."
}
variable "distribution_policy" {
type = any
default = null
}
variable "health_check_config" {
type = any
default = null
}
variable "location" {
type = any
default = "europe-west1-b"
}
variable "named_ports" {
type = any
default = null
}
variable "stateful_disks" {
type = any
default = {}
}
variable "stateful_config" {
type = any
default = {}
}
variable "target_pools" {
type = any
default = []
}
variable "target_size" {
type = any
default = null
}
variable "update_policy" {
type = any
default = null
}
variable "versions" {
type = any
default = {}
}
variable "wait_for_instances" {
type = any
default = null
}


@ -1,134 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_defaults(plan_runner):
"Test variable defaults."
_, resources = plan_runner()
assert len(resources) == 1
print(resources[0]['type'])
mig = resources[0]
assert mig['type'] == 'google_compute_instance_group_manager'
assert mig['values']['target_size'] == 2
assert mig['values']['zone']
_, resources = plan_runner(location='"europe-west1"')
assert len(resources) == 1
mig = resources[0]
assert mig['type'] == 'google_compute_region_instance_group_manager'
assert mig['values']['target_size'] == 2
assert mig['values']['region']
def test_health_check(plan_runner):
"Test health check resource."
health_check_config = '''{
enable_logging = true
tcp = {
port = 80
}
}'''
_, resources = plan_runner(health_check_config=health_check_config)
assert len(resources) == 2
assert any(r['type'] == 'google_compute_health_check' for r in resources)
def test_autoscaler(plan_runner):
"Test autoscaler resource."
autoscaler_config = '''{
colldown_period = 60
max_replicas = 3
min_replicas = 1
scaling_signals = {
cpu_utilization = {
target = 65
}
}
}'''
_, resources = plan_runner(autoscaler_config=autoscaler_config)
assert len(resources) == 2
autoscaler = resources[0]
assert autoscaler['type'] == 'google_compute_autoscaler'
assert autoscaler['values']['autoscaling_policy'] == [{
'cooldown_period': 60,
'cpu_utilization': [{
'predictive_method': 'NONE',
'target': 65
}],
'load_balancing_utilization': [],
'max_replicas': 3,
'metric': [],
'min_replicas': 1,
'mode': 'ON',
'scale_in_control': [],
'scaling_schedules': [],
}]
_, resources = plan_runner(autoscaler_config=autoscaler_config,
location='"europe-west1"')
assert len(resources) == 2
autoscaler = resources[0]
assert autoscaler['type'] == 'google_compute_region_autoscaler'
def test_stateful_mig(plan_runner):
"Test stateful instances - mig."
stateful_disks = '''{
persistent-disk-1 = false
}'''
_, resources = plan_runner(stateful_disks=stateful_disks)
assert len(resources) == 1
statefuldisk = resources[0]
assert statefuldisk['type'] == 'google_compute_instance_group_manager'
assert statefuldisk['values']['stateful_disk'] == [{
'device_name': 'persistent-disk-1',
'delete_rule': 'NEVER',
}]
def test_stateful_instance(plan_runner):
"Test stateful instances - instance."
stateful_config = '''{
instance-1 = {
most_disruptive_action = "REPLACE",
preserved_state = {
disks = {
persistent-disk-1 = {
source = "test-disk"
}
}
metadata = { foo = "bar" }
}
}
}'''
_, resources = plan_runner(stateful_config=stateful_config)
assert len(resources) == 2
instanceconfig = resources[0]
assert instanceconfig['type'] == 'google_compute_instance_group_manager'
instanceconfig = resources[1]
assert instanceconfig['type'] == 'google_compute_per_instance_config'
assert instanceconfig['values']['preserved_state'] == [{
'disk': [{
'device_name': 'persistent-disk-1',
'delete_rule': 'NEVER',
'source': 'test-disk',
'mode': 'READ_WRITE',
}],
'metadata': {
'foo': 'bar'
}
}]
assert instanceconfig['values']['minimal_action'] == 'NONE'
assert instanceconfig['values']['most_disruptive_allowed_action'] == 'REPLACE'
assert instanceconfig['values']['remove_instance_state_on_destroy'] == False


@ -0,0 +1,38 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cluster-1.google_container_cluster.cluster:
location: europe-west1
name: cluster-1
module.cluster-1.google_gke_backup_backup_plan.backup_plan["backup-1"]:
backup_config:
- all_namespaces: true
encryption_key: []
include_secrets: true
include_volume_data: true
selected_applications: []
selected_namespaces: []
backup_schedule:
- cron_schedule: 0 9 * * 1
location: europe-west-2
name: backup-1
project: project-id
retention_policy:
- locked: false
counts:
google_container_cluster: 1
google_gke_backup_backup_plan: 1
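Review bot: `location: europe-west-2` on the backup plan is not a Google Cloud region name (the London region is `europe-west2`), and because this inventory is only compared against a plan, no API validation ever rejects it, so the test passes with a value that would fail at apply time. If the fixture passes the same string, change both to `location: europe-west2` so the example is safe to copy. The schedule would also read more clearly quoted, `cron_schedule: "0 9 * * 1"`, so a reader need not work out whether the `*` characters are safe in a plain scalar here (they are, since none starts the value). The hunk is a new file, so the whole unit is visible, though its path is not shown on this page.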


@ -0,0 +1,28 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.cluster-1.google_container_cluster.cluster:
private_cluster_config:
- enable_private_endpoint: true
enable_private_nodes: true
master_global_access_config:
- enabled: false
master_ipv4_cidr_block: 192.168.0.0/28
private_endpoint_subnetwork: null
resource_labels:
environment: dev
counts:
google_container_cluster: 1
