Fixed e2e tests for alloydb module (#2321)
* fixed e2e tests for alloydb module
This commit is contained in:
parent
d1ec3b0499
commit
941a35ab69
|
@ -1,6 +1,6 @@
|
|||
# AlloyDB module
|
||||
|
||||
This module manages the creation of an AlloyDB cluster. It also supports cross-region replication scenario by setting up a secondary cluster.
|
||||
This module manages the creation of an AlloyDB cluster. It also supports cross-region replication scenario by setting up a secondary cluster.
|
||||
It can also create an initial set of users via the `users` variable.
|
||||
|
||||
Note that this module assumes that some options are the same for both the primary instance and the secondary one in case of cross regional replication configuration.
|
||||
|
@ -43,8 +43,7 @@ module "vpc" {
|
|||
name = "my-network"
|
||||
# need only one - psa_config or subnets_psc
|
||||
psa_configs = [{
|
||||
ranges = { alloydb = "10.60.0.0/16" }
|
||||
deletion_policy = "ABANDON"
|
||||
ranges = { alloydb = "10.60.0.0/16" }
|
||||
}]
|
||||
subnets_psc = [{
|
||||
ip_cidr_range = "10.0.3.0/24"
|
||||
|
@ -86,7 +85,7 @@ module "alloydb" {
|
|||
# tftest modules=1 resources=4 inventory=cross_region_replication.yaml e2e
|
||||
```
|
||||
|
||||
In a cross-region replication scenario (like in the previous example) this module also supports [promoting the secondary instance](https://cloud.google.com/alloydb/docs/cross-region-replication/work-with-cross-region-replication#promote-secondary-cluster) to become a primary instance via the `var.cross_region_replication.promote_secondary` flag.
|
||||
In a cross-region replication scenario (like in the previous example) this module also supports [promoting the secondary instance](https://cloud.google.com/alloydb/docs/cross-region-replication/work-with-cross-region-replication#promote-secondary-cluster) to become a primary instance via the `var.cross_region_replication.promote_secondary` flag.
|
||||
|
||||
### Custom flags and users definition
|
||||
|
||||
|
@ -137,7 +136,7 @@ module "alloydb" {
|
|||
}
|
||||
}
|
||||
|
||||
# tftest modules=1 resources=2 inventory=cmek.yaml e2e
|
||||
# tftest modules=1 resources=3 fixtures=fixtures/alloydb-kms-iam-grant.tf inventory=cmek.yaml e2e
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
@ -188,4 +187,8 @@ module "alloydb" {
|
|||
| [secondary_id](outputs.tf#L68) | Fully qualified primary instance id. | |
|
||||
| [secondary_ip](outputs.tf#L73) | IP address of the primary instance. | |
|
||||
| [user_passwords](outputs.tf#L78) | Map of containing the password of all users created through terraform. | ✓ |
|
||||
|
||||
## Fixtures
|
||||
|
||||
- [alloydb-kms-iam-grant.tf](../../tests/fixtures/alloydb-kms-iam-grant.tf)
|
||||
<!-- END TFDOC -->
|
||||
|
|
|
@ -139,6 +139,12 @@ resource "google_alloydb_cluster" "primary" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# waiting to fix this issue https://github.com/hashicorp/terraform-provider-google/issues/14944
|
||||
lifecycle {
|
||||
ignore_changes = [
|
||||
display_name
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_alloydb_instance" "primary" {
|
||||
|
@ -194,6 +200,13 @@ resource "google_alloydb_instance" "primary" {
|
|||
query_plans_per_minute = var.query_insights_config.query_plans_per_minute
|
||||
}
|
||||
}
|
||||
|
||||
# waiting to fix this issue https://github.com/hashicorp/terraform-provider-google/issues/14944
|
||||
lifecycle {
|
||||
ignore_changes = [
|
||||
network_config
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_alloydb_cluster" "secondary" {
|
||||
|
@ -299,13 +312,19 @@ resource "google_alloydb_cluster" "secondary" {
|
|||
}
|
||||
|
||||
dynamic "secondary_config" {
|
||||
for_each = var.cross_region_replication.promote_secondary ? [""] : []
|
||||
for_each = var.cross_region_replication.promote_secondary ? [] : [""]
|
||||
content {
|
||||
primary_cluster_name = google_alloydb_cluster.primary.id
|
||||
}
|
||||
}
|
||||
|
||||
depends_on = [google_alloydb_instance.primary]
|
||||
# waiting to fix this issue https://github.com/hashicorp/terraform-provider-google/issues/14944
|
||||
lifecycle {
|
||||
ignore_changes = [
|
||||
display_name
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_alloydb_instance" "secondary" {
|
||||
|
@ -362,6 +381,13 @@ resource "google_alloydb_instance" "secondary" {
|
|||
query_plans_per_minute = var.query_insights_config.query_plans_per_minute
|
||||
}
|
||||
}
|
||||
|
||||
# waiting to fix this issue https://github.com/hashicorp/terraform-provider-google/issues/14944
|
||||
lifecycle {
|
||||
ignore_changes = [
|
||||
network_config
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
resource "random_password" "passwords" {
|
||||
|
@ -381,4 +407,5 @@ resource "google_alloydb_user" "users" {
|
|||
user_type = each.value.type
|
||||
password = each.value.password
|
||||
database_roles = each.value.roles
|
||||
depends_on = [google_alloydb_instance.primary]
|
||||
}
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
locals {
|
||||
prefix = "${var.prefix}-${var.timestamp}${var.suffix}"
|
||||
jit_services = [
|
||||
"alloydb.googleapis.com", # no permissions granted by default
|
||||
"storage.googleapis.com", # no permissions granted by default
|
||||
"sqladmin.googleapis.com", # roles/cloudsql.serviceAgent
|
||||
]
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
/**
|
||||
* Copyright 2024 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
resource "google_kms_crypto_key_iam_member" "alloydb_encrypt_decrypt" {
|
||||
crypto_key_id = var.kms_key.id
|
||||
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
|
||||
member = "serviceAccount:service-${var.project_number}@gcp-sa-alloydb.iam.gserviceaccount.com"
|
||||
}
|
|
@ -65,6 +65,6 @@ counts:
|
|||
google_alloydb_cluster: 1
|
||||
google_alloydb_instance: 1
|
||||
modules: 1
|
||||
resources: 2
|
||||
resources: 3
|
||||
|
||||
outputs: {}
|
||||
|
|
|
@ -61,7 +61,7 @@ values:
|
|||
project: project-id
|
||||
restore_backup_source: []
|
||||
restore_continuous_backup_source: []
|
||||
secondary_config: []
|
||||
secondary_config: [{}]
|
||||
timeouts: null
|
||||
module.alloydb.google_alloydb_instance.primary:
|
||||
annotations: null
|
||||
|
|
|
@ -152,7 +152,6 @@ values:
|
|||
role: null
|
||||
timeouts: null
|
||||
module.vpc.google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]:
|
||||
deletion_policy: ABANDON
|
||||
reserved_peering_ranges:
|
||||
- servicenetworking-googleapis-com-alloydb
|
||||
service: servicenetworking.googleapis.com
|
||||
|
|
Loading…
Reference in New Issue