Merge pull request #1327 from GoogleCloudPlatform/jccb/migrate-tests
Migrate more tests
commit
c28f7e69e9
|
@ -32,7 +32,7 @@ module "bigtable-instance" {
|
|||
"roles/bigtable.user" = ["user:viewer@testdomain.com"]
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=4
|
||||
# tftest modules=1 resources=4 inventory=simple.yaml
|
||||
```
|
||||
|
||||
### Instance with tables and column families
|
||||
|
@ -65,7 +65,7 @@ module "bigtable-instance" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=4
|
||||
# tftest modules=1 resources=4 inventory=columns.yaml
|
||||
```
|
||||
|
||||
### Instance with replication enabled
|
||||
|
@ -88,7 +88,7 @@ module "bigtable-instance" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
# tftest modules=1 resources=1 inventory=replication.yaml
|
||||
```
|
||||
|
||||
### Instance with garbage collection policy
|
||||
|
@ -118,7 +118,7 @@ module "bigtable-instance" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=3
|
||||
# tftest modules=1 resources=3 inventory=gc.yaml
|
||||
```
|
||||
|
||||
### Instance with default garbage collection policy
|
||||
|
@ -172,7 +172,7 @@ module "bigtable-instance" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
# tftest modules=1 resources=1 inventory=static.yaml
|
||||
```
|
||||
|
||||
### Instance with autoscaling (based on CPU only)
|
||||
|
@ -198,7 +198,7 @@ module "bigtable-instance" {
|
|||
|
||||
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
# tftest modules=1 resources=1 inventory=autoscaling1.yaml
|
||||
```
|
||||
|
||||
### Instance with autoscaling (based on CPU and/or storage)
|
||||
|
@ -222,7 +222,7 @@ module "bigtable-instance" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
# tftest modules=1 resources=1 inventory=autoscaling2.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
|
|
|
@ -28,7 +28,7 @@ module "group" {
|
|||
"service-account@my-gcp-project.iam.gserviceaccount.com"
|
||||
]
|
||||
}
|
||||
# tftest modules=1 resources=4
|
||||
# tftest modules=1 resources=4 inventory=members.yaml
|
||||
```
|
||||
|
||||
### Group with managers
|
||||
|
|
|
@ -40,7 +40,7 @@ module "db" {
|
|||
database_version = "POSTGRES_13"
|
||||
tier = "db-g1-small"
|
||||
}
|
||||
# tftest modules=3 resources=9
|
||||
# tftest modules=3 resources=9 inventory=simple.yaml
|
||||
```
|
||||
|
||||
## Cross-regional read replica
|
||||
|
@ -50,6 +50,7 @@ module "db" {
|
|||
source = "./fabric/modules/cloudsql-instance"
|
||||
project_id = var.project_id
|
||||
network = var.vpc.self_link
|
||||
prefix = "myprefix"
|
||||
name = "db"
|
||||
region = "europe-west1"
|
||||
database_version = "POSTGRES_13"
|
||||
|
@ -60,7 +61,7 @@ module "db" {
|
|||
replica2 = { region = "us-central1", encryption_key_name = null }
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=3
|
||||
# tftest modules=1 resources=3 inventory=replicas.yaml
|
||||
```
|
||||
|
||||
## Custom flags, databases and users
|
||||
|
@ -91,7 +92,7 @@ module "db" {
|
|||
user2 = "mypassword"
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=6
|
||||
# tftest modules=1 resources=6 inventory=custom.yaml
|
||||
```
|
||||
|
||||
### CMEK encryption
|
||||
|
@ -140,6 +141,28 @@ module "db" {
|
|||
|
||||
# tftest modules=3 resources=10
|
||||
```
|
||||
|
||||
### Enable public IP
|
||||
|
||||
Use `ipv_enabled` to create instances with a public IP.
|
||||
|
||||
```hcl
|
||||
module "db" {
|
||||
source = "./fabric/modules/cloudsql-instance"
|
||||
project_id = var.project_id
|
||||
network = var.vpc.self_link
|
||||
name = "db"
|
||||
region = "europe-west1"
|
||||
tier = "db-g1-small"
|
||||
database_version = "MYSQL_8_0"
|
||||
ipv4_enabled = true
|
||||
replicas = {
|
||||
replica1 = { region = "europe-west3", encryption_key_name = null }
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2 inventory=public-ip.yaml
|
||||
```
|
||||
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
## Variables
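Review bot: The sentence that introduces the new "Enable public IP" example names the variable `ipv_enabled`, but the example right below it sets `ipv4_enabled = true`. A reader who copies the name from the prose gets a variable the example never uses. The line should read: Use `ipv4_enabled` to create instances with a public IP. The CMEK example just above it still ends in `# tftest modules=3 resources=10` with no `inventory=`, unlike the other examples touched in this file, which may be deliberate but is worth confirming.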
|
||||
|
|
|
@ -13,7 +13,7 @@ module "container_registry" {
|
|||
"roles/storage.admin" = ["group:cicd@example.com"]
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=2 inventory=simple.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@ module "endpoint" {
|
|||
]
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2 files=openapi
|
||||
# tftest modules=1 resources=2 files=openapi inventory=simple.yaml
|
||||
```
|
||||
|
||||
```yaml
|
||||
|
|
|
@ -17,7 +17,7 @@ module "bucket" {
|
|||
parent = var.project_id
|
||||
id = "mybucket"
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
# tftest modules=1 resources=1 inventory=project.yaml
|
||||
```
|
||||
|
||||
|
||||
|
@ -37,7 +37,25 @@ module "bucket-default" {
|
|||
id = "_Default"
|
||||
retention = 10
|
||||
}
|
||||
# tftest modules=2 resources=2
|
||||
# tftest modules=2 resources=2 inventory=retention.yaml
|
||||
```
|
||||
|
||||
### Organization and billing account buckets
|
||||
```hcl
|
||||
module "bucket-organization" {
|
||||
source = "./fabric/modules/logging-bucket"
|
||||
parent_type = "organization"
|
||||
parent = "organizations/012345"
|
||||
id = "mybucket"
|
||||
}
|
||||
|
||||
module "bucket-billing-account" {
|
||||
source = "./fabric/modules/logging-bucket"
|
||||
parent_type = "billing_account"
|
||||
parent = "012345"
|
||||
id = "mybucket"
|
||||
}
|
||||
# tftest modules=2 resources=2 inventory=org-ba.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ module "pubsub" {
|
|||
"roles/pubsub.subscriber" = ["user:user1@example.com"]
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=3
|
||||
# tftest modules=1 resources=3 inventory=simple.yaml
|
||||
```
|
||||
|
||||
### Topic with schema
|
||||
|
@ -48,7 +48,7 @@ module "topic_with_schema" {
|
|||
})
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=2 inventory=schema.yaml
|
||||
```
|
||||
|
||||
### Subscriptions
|
||||
|
@ -74,7 +74,7 @@ module "pubsub" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=3
|
||||
# tftest modules=1 resources=3 inventory=subscriptions.yaml
|
||||
```
|
||||
|
||||
### Push subscriptions
|
||||
|
|
|
@ -45,7 +45,7 @@ module "secret-manager" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=4
|
||||
# tftest modules=1 resources=4 inventory=iam.yaml
|
||||
```
|
||||
|
||||
### Secret versions
|
||||
|
@ -70,7 +70,7 @@ module "secret-manager" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=5
|
||||
# tftest modules=1 resources=5 inventory=versions.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ module "service-directory" {
|
|||
]
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=2 inventory=simple.yaml
|
||||
```
|
||||
|
||||
### Services with IAM and endpoints
|
||||
|
@ -50,7 +50,7 @@ module "service-directory" {
|
|||
"one/second" = { address = "127.0.0.2", port = 80, metadata = {} }
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=5
|
||||
# tftest modules=1 resources=5 inventory=services.yaml
|
||||
```
|
||||
|
||||
### DNS based zone
|
||||
|
@ -85,7 +85,7 @@ module "dns-sd" {
|
|||
client_networks = [var.vpc.self_link]
|
||||
service_directory_namespace = module.service-directory.id
|
||||
}
|
||||
# tftest modules=2 resources=5
|
||||
# tftest modules=2 resources=5 inventory=dns.yaml
|
||||
```
|
||||
<!-- BEGIN TFDOC -->
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@ module "repo" {
|
|||
"roles/source.reader" = ["user:foo@example.com"]
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=2 inventory=simple.yaml
|
||||
```
|
||||
|
||||
### Repository with Cloud Build trigger
|
||||
|
@ -41,7 +41,7 @@ module "repo" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=2 inventory=trigger.yaml
|
||||
```
|
||||
|
||||
<!-- TFDOC OPTS files:1 -->
|
||||
|
|
|
@ -31,7 +31,7 @@ module "test" {
|
|||
title = "vpcsc-policy"
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
# tftest modules=1 resources=1 inventory=access-policy.yaml
|
||||
```
|
||||
|
||||
If you need the module to create a scoped policy for you, specify 'scopes' of the policy in the `access_policy_create` variable:
|
||||
|
@ -46,7 +46,7 @@ module "test" {
|
|||
scopes = ["folders/456789"]
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
# tftest modules=1 resources=1 inventory=scoped-access-policy.yaml
|
||||
```
|
||||
|
||||
### Access levels
|
||||
|
@ -72,7 +72,7 @@ module "test" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=2 inventory=access-levels.yaml
|
||||
```
|
||||
|
||||
### Service perimeters
|
||||
|
@ -103,7 +103,7 @@ module "test" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=2
|
||||
# tftest modules=1 resources=2 inventory=bridge.yaml
|
||||
```
|
||||
|
||||
#### Regular type
|
||||
|
@ -172,7 +172,7 @@ module "test" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=3
|
||||
# tftest modules=1 resources=3 inventory=regular.yaml
|
||||
```
|
||||
|
||||
## Notes
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bigtable-instance.google_bigtable_instance.default:
|
||||
cluster:
|
||||
- autoscaling_config:
|
||||
- cpu_target: 70
|
||||
max_nodes: 7
|
||||
min_nodes: 3
|
||||
cluster_id: my-cluster
|
||||
storage_type: SSD
|
||||
zone: europe-southwest1-b
|
||||
name: instance
|
||||
project: my-project
|
||||
|
||||
counts:
|
||||
google_bigtable_instance: 1
|
|
@ -0,0 +1,30 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bigtable-instance.google_bigtable_instance.default:
|
||||
cluster:
|
||||
- autoscaling_config:
|
||||
- cpu_target: 70
|
||||
max_nodes: 7
|
||||
min_nodes: 3
|
||||
storage_target: 4096
|
||||
cluster_id: my-cluster
|
||||
storage_type: SSD
|
||||
zone: europe-southwest1-a
|
||||
name: instance
|
||||
project: my-project
|
||||
|
||||
counts:
|
||||
google_bigtable_instance: 1
|
|
@ -0,0 +1,38 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bigtable-instance.google_bigtable_table.default["test2"]:
|
||||
column_family:
|
||||
- family: cf1
|
||||
- family: cf2
|
||||
- family: cf3
|
||||
instance_name: instance
|
||||
name: test2
|
||||
project: my-project
|
||||
split_keys:
|
||||
- a
|
||||
- b
|
||||
- c
|
||||
module.bigtable-instance.google_bigtable_table.default["test3"]:
|
||||
column_family:
|
||||
- family: cf1
|
||||
instance_name: instance
|
||||
name: test3
|
||||
project: my-project
|
||||
split_keys: []
|
||||
|
||||
counts:
|
||||
google_bigtable_instance: 1
|
||||
google_bigtable_table: 3
|
|
@ -0,0 +1,29 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bigtable-instance.google_bigtable_gc_policy.default["0"]:
|
||||
column_family: cf1
|
||||
deletion_policy: ABANDON
|
||||
gc_rules: null
|
||||
instance_name: instance
|
||||
max_age:
|
||||
- duration: 18h
|
||||
max_version: []
|
||||
mode: null
|
||||
project: my-project
|
||||
table: test1
|
||||
|
||||
counts:
|
||||
google_bigtable_gc_policy: 1
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bigtable-instance.google_bigtable_instance.default:
|
||||
cluster:
|
||||
- autoscaling_config: []
|
||||
cluster_id: first-cluster
|
||||
storage_type: SSD
|
||||
zone: europe-west1-b
|
||||
- autoscaling_config: []
|
||||
cluster_id: second-cluster
|
||||
storage_type: SSD
|
||||
zone: europe-southwest1-a
|
||||
- autoscaling_config: []
|
||||
cluster_id: third-cluster
|
||||
storage_type: SSD
|
||||
zone: us-central1-b
|
||||
deletion_protection: true
|
||||
instance_type: PRODUCTION
|
||||
name: instance
|
||||
project: my-project
|
||||
|
||||
counts:
|
||||
google_bigtable_instance: 1
|
|
@ -0,0 +1,52 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bigtable-instance.google_bigtable_instance.default:
|
||||
cluster:
|
||||
- autoscaling_config: []
|
||||
cluster_id: my-cluster
|
||||
storage_type: SSD
|
||||
zone: europe-west1-b
|
||||
deletion_protection: true
|
||||
instance_type: PRODUCTION
|
||||
name: instance
|
||||
project: my-project
|
||||
module.bigtable-instance.google_bigtable_instance_iam_binding.default["roles/bigtable.user"]:
|
||||
condition: []
|
||||
instance: instance
|
||||
members:
|
||||
- user:viewer@testdomain.com
|
||||
project: my-project
|
||||
role: roles/bigtable.user
|
||||
module.bigtable-instance.google_bigtable_table.default["test1"]:
|
||||
column_family: []
|
||||
instance_name: instance
|
||||
name: test1
|
||||
project: my-project
|
||||
split_keys: []
|
||||
module.bigtable-instance.google_bigtable_table.default["test2"]:
|
||||
column_family: []
|
||||
instance_name: instance
|
||||
name: test2
|
||||
project: my-project
|
||||
split_keys:
|
||||
- a
|
||||
- b
|
||||
- c
|
||||
|
||||
counts:
|
||||
google_bigtable_instance: 1
|
||||
google_bigtable_instance_iam_binding: 1
|
||||
google_bigtable_table: 2
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -11,3 +11,17 @@
|
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bigtable-instance.google_bigtable_instance.default:
|
||||
cluster:
|
||||
- autoscaling_config: []
|
||||
cluster_id: my-cluster
|
||||
num_nodes: 5
|
||||
storage_type: SSD
|
||||
zone: europe-west1-b
|
||||
name: instance
|
||||
project: my-project
|
||||
|
||||
counts:
|
||||
google_bigtable_instance: 1
|
|
@ -1,36 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/bigtable-instance"
|
||||
project_id = "my-project"
|
||||
name = "test"
|
||||
iam = {
|
||||
"roles/bigtable.user" = ["user:me@example.com"]
|
||||
}
|
||||
tables = {
|
||||
test-1 = {},
|
||||
test-2 = {
|
||||
split_keys = ["a", "b", "c"]
|
||||
}
|
||||
|
||||
}
|
||||
clusters = {
|
||||
test = {
|
||||
zone = var.zone
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "zone" {
|
||||
type = string
|
||||
default = "europe-west1-b"
|
||||
}
|
|
@ -1,42 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import pytest
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def resources(plan_runner):
|
||||
_, resources = plan_runner()
|
||||
return resources
|
||||
|
||||
|
||||
def test_resource_count(resources):
|
||||
"Test number of resources created."
|
||||
assert len(resources) == 4
|
||||
|
||||
|
||||
def test_iam(resources):
|
||||
"Test IAM binding resources."
|
||||
bindings = [r['values'] for r in resources if r['type']
|
||||
== 'google_bigtable_instance_iam_binding']
|
||||
assert len(bindings) == 1
|
||||
assert bindings[0]['role'] == 'roles/bigtable.user'
|
||||
|
||||
|
||||
def test_tables(resources):
|
||||
"Test table resources."
|
||||
subs = [r['values'] for r in resources if r['type']
|
||||
== 'google_bigtable_table']
|
||||
assert len(subs) == 2
|
||||
assert set(s['name'] for s in subs) == set(['test-1', 'test-2'])
|
|
@ -0,0 +1,26 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.group.google_cloud_identity_group_membership.managers["user3@example.com"]:
|
||||
preferred_member_key:
|
||||
- id: user3@example.com
|
||||
namespace: null
|
||||
roles:
|
||||
- name: MANAGER
|
||||
- name: MEMBER
|
||||
|
||||
counts:
|
||||
google_cloud_identity_group: 1
|
||||
google_cloud_identity_group_membership: 4
|
|
@ -0,0 +1,45 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.group.google_cloud_identity_group.group:
|
||||
description: My group Description
|
||||
display_name: My group name
|
||||
group_key:
|
||||
- id: mygroup@example.com
|
||||
namespace: null
|
||||
initial_group_config: EMPTY
|
||||
parent: customers/C01234567
|
||||
module.group.google_cloud_identity_group_membership.members["service-account@my-gcp-project.iam.gserviceaccount.com"]:
|
||||
preferred_member_key:
|
||||
- id: service-account@my-gcp-project.iam.gserviceaccount.com
|
||||
namespace: null
|
||||
roles:
|
||||
- name: MEMBER
|
||||
module.group.google_cloud_identity_group_membership.members["user1@example.com"]:
|
||||
preferred_member_key:
|
||||
- id: user1@example.com
|
||||
namespace: null
|
||||
roles:
|
||||
- name: MEMBER
|
||||
module.group.google_cloud_identity_group_membership.members["user2@example.com"]:
|
||||
preferred_member_key:
|
||||
- id: user2@example.com
|
||||
namespace: null
|
||||
roles:
|
||||
- name: MEMBER
|
||||
|
||||
counts:
|
||||
google_cloud_identity_group: 1
|
||||
google_cloud_identity_group_membership: 3
|
|
@ -1,25 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/cloud-identity-group"
|
||||
name = var.name
|
||||
display_name = var.display_name
|
||||
description = var.description
|
||||
customer_id = var.customer_id
|
||||
managers = var.managers
|
||||
members = var.members
|
||||
}
|
|
@ -1,45 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "display_name" {
|
||||
type = string
|
||||
default = "display name"
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
type = string
|
||||
default = "my-group@example.com"
|
||||
}
|
||||
|
||||
variable "description" {
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "customer_id" {
|
||||
type = string
|
||||
default = "customers/C01234567"
|
||||
}
|
||||
|
||||
variable "managers" {
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "members" {
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
|
@ -1,42 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from collections import Counter
|
||||
|
||||
|
||||
def test_group(plan_runner):
|
||||
"Test group."
|
||||
_, resources = plan_runner()
|
||||
assert len(resources) == 1
|
||||
r = resources[0]
|
||||
assert r['type'] == 'google_cloud_identity_group'
|
||||
assert r['values']['display_name'] == 'display name'
|
||||
assert r['values']['group_key'][0]['id'] == 'my-group@example.com'
|
||||
assert r['values']['parent'] == 'customers/C01234567'
|
||||
|
||||
|
||||
def test_members(plan_runner):
|
||||
"Test group members."
|
||||
members = '["member@example.com"]'
|
||||
_, resources = plan_runner(members=members)
|
||||
|
||||
resource_types = Counter([r['type'] for r in resources])
|
||||
assert resource_types == {
|
||||
'google_cloud_identity_group': 1,
|
||||
'google_cloud_identity_group_membership': 1,
|
||||
}
|
||||
|
||||
values = next(r['values'] for r in resources if r['name'] == 'members')
|
||||
assert values['preferred_member_key'][0]['id'] == 'member@example.com'
|
||||
assert [role['name'] for role in values['roles']] == ['MEMBER']
|
|
@ -0,0 +1,59 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.db.google_sql_database.databases["departments"]:
|
||||
deletion_policy: DELETE
|
||||
instance: db
|
||||
name: departments
|
||||
project: project-id
|
||||
module.db.google_sql_database.databases["people"]:
|
||||
deletion_policy: DELETE
|
||||
instance: db
|
||||
name: people
|
||||
project: project-id
|
||||
module.db.google_sql_database_instance.primary: {}
|
||||
module.db.google_sql_user.users["user1"]:
|
||||
deletion_policy: null
|
||||
instance: db
|
||||
name: user1
|
||||
password_policy: []
|
||||
project: project-id
|
||||
type: null
|
||||
module.db.google_sql_user.users["user2"]:
|
||||
deletion_policy: null
|
||||
instance: db
|
||||
name: user2
|
||||
password_policy: []
|
||||
project: project-id
|
||||
type: null
|
||||
module.db.random_password.passwords["user1"]:
|
||||
keepers: null
|
||||
length: 16
|
||||
lower: true
|
||||
min_lower: 0
|
||||
min_numeric: 0
|
||||
min_special: 0
|
||||
min_upper: 0
|
||||
number: true
|
||||
numeric: true
|
||||
override_special: null
|
||||
special: true
|
||||
upper: true
|
||||
|
||||
counts:
|
||||
google_sql_database: 2
|
||||
google_sql_database_instance: 1
|
||||
google_sql_user: 2
|
||||
modules: 1
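Review bot: The `counts` block omits `random_password`, although `values` pins `module.db.random_password.passwords["user1"]` a few lines above; adding `random_password: 1` would make the counts cover every resource type this inventory refers to. This also looks like the only inventory on the page that lists `modules: 1`, so either add it to the others or drop it here for consistency. Separately, `module.db.google_sql_database_instance.primary: {}` asserts nothing about the instance. If this is the inventory for the "Custom flags, databases and users" example, the flags themselves go unchecked, and pinning `database_flags` under `settings` would close that gap.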
|
|
@ -0,0 +1,91 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.db.google_sql_database_instance.primary:
|
||||
database_version: MYSQL_8_0
|
||||
name: db
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
restore_backup_context: []
|
||||
settings:
|
||||
- activation_policy: ALWAYS
|
||||
active_directory_config: []
|
||||
availability_type: ZONAL
|
||||
backup_configuration:
|
||||
- backup_retention_settings:
|
||||
- retained_backups: 7
|
||||
retention_unit: COUNT
|
||||
binary_log_enabled: true
|
||||
enabled: true
|
||||
location: null
|
||||
point_in_time_recovery_enabled: null
|
||||
start_time: '23:00'
|
||||
transaction_log_retention_days: 7
|
||||
collation: null
|
||||
database_flags: []
|
||||
deletion_protection_enabled: null
|
||||
deny_maintenance_period: []
|
||||
disk_autoresize: true
|
||||
disk_autoresize_limit: 0
|
||||
disk_type: PD_SSD
|
||||
insights_config: []
|
||||
ip_configuration:
|
||||
- allocated_ip_range: null
|
||||
authorized_networks: []
|
||||
enable_private_path_for_google_cloud_services: null
|
||||
ipv4_enabled: true
|
||||
private_network: projects/xxx/global/networks/aaa
|
||||
require_ssl: null
|
||||
maintenance_window: []
|
||||
password_validation_policy: []
|
||||
pricing_plan: PER_USE
|
||||
sql_server_audit_config: []
|
||||
tier: db-g1-small
|
||||
time_zone: null
|
||||
module.db.google_sql_database_instance.replicas["replica1"]:
|
||||
database_version: MYSQL_8_0
|
||||
master_instance_name: db
|
||||
name: replica1
|
||||
project: project-id
|
||||
region: europe-west3
|
||||
settings:
|
||||
- activation_policy: ALWAYS
|
||||
active_directory_config: []
|
||||
availability_type: ZONAL
|
||||
collation: null
|
||||
database_flags: []
|
||||
deletion_protection_enabled: null
|
||||
deny_maintenance_period: []
|
||||
disk_autoresize: true
|
||||
disk_autoresize_limit: 0
|
||||
disk_type: PD_SSD
|
||||
insights_config: []
|
||||
ip_configuration:
|
||||
- allocated_ip_range: null
|
||||
authorized_networks: []
|
||||
enable_private_path_for_google_cloud_services: null
|
||||
ipv4_enabled: true
|
||||
private_network: projects/xxx/global/networks/aaa
|
||||
require_ssl: null
|
||||
maintenance_window: []
|
||||
password_validation_policy: []
|
||||
pricing_plan: PER_USE
|
||||
sql_server_audit_config: []
|
||||
tier: db-g1-small
|
||||
time_zone: null
|
||||
timeouts: null
|
||||
|
||||
counts:
|
||||
google_sql_database_instance: 2
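Review bot: This inventory pins `ipv4_enabled: true` together with `authorized_networks: []` and `require_ssl: null` on both the primary and `replica1`, so the only public-IP case under test has no TLS requirement and no network allow-list. If that is the intended minimal example, a comment above the first `ip_configuration` would keep it from being read as a recommended baseline, e.g. `# minimal example: public IP only; TLS enforcement and authorized networks are not set here`. It is also worth confirming that the replica is meant to receive a public address, since the fixture now locks that behaviour in alongside `private_network`.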
|
|
@ -0,0 +1,38 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.db.google_sql_database_instance.primary:
|
||||
clone: []
|
||||
database_version: POSTGRES_13
|
||||
name: myprefix-db
|
||||
project: project-id
|
||||
region: europe-west1
|
||||
module.db.google_sql_database_instance.replicas["replica1"]:
|
||||
clone: []
|
||||
database_version: POSTGRES_13
|
||||
master_instance_name: myprefix-db
|
||||
name: myprefix-replica1
|
||||
project: project-id
|
||||
region: europe-west3
|
||||
module.db.google_sql_database_instance.replicas["replica2"]:
|
||||
clone: []
|
||||
database_version: POSTGRES_13
|
||||
master_instance_name: myprefix-db
|
||||
name: myprefix-replica2
|
||||
project: project-id
|
||||
region: us-central1
|
||||
|
||||
counts:
|
||||
google_sql_database_instance: 3
|
|
@ -0,0 +1,48 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.db.google_sql_database_instance.primary:
|
||||
clone: []
|
||||
database_version: POSTGRES_13
|
||||
name: db
|
||||
project: my-db-project
|
||||
region: europe-west1
|
||||
settings:
|
||||
- activation_policy: ALWAYS
|
||||
active_directory_config: []
|
||||
availability_type: ZONAL
|
||||
collation: null
|
||||
database_flags: []
|
||||
deletion_protection_enabled: null
|
||||
deny_maintenance_period: []
|
||||
disk_autoresize: true
|
||||
disk_autoresize_limit: 0
|
||||
disk_type: PD_SSD
|
||||
insights_config: []
|
||||
ip_configuration:
|
||||
- allocated_ip_range: null
|
||||
authorized_networks: []
|
||||
enable_private_path_for_google_cloud_services: null
|
||||
ipv4_enabled: false
|
||||
require_ssl: null
|
||||
maintenance_window: []
|
||||
password_validation_policy: []
|
||||
pricing_plan: PER_USE
|
||||
sql_server_audit_config: []
|
||||
tier: db-g1-small
|
||||
time_zone: null
|
||||
|
||||
counts:
|
||||
google_sql_database_instance: 1
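Review bot: This inventory pins the entire `settings` block, including many provider defaults such as `collation: null`, `time_zone: null` and `pricing_plan: PER_USE`, while the replica inventory added just before it pins only name, project, region and version per instance. Snapshotting defaults hides which values the test is meant to guard; here that looks like `ipv4_enabled: false`, `tier` and `availability_type`. Consider trimming `settings` to those keys. If `require_ssl: null` stays, a comment such as `# TLS enforcement is left unset by this example` above it would keep it from being read as an intended assertion.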
|
|
@ -1,38 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/cloudsql-instance"
|
||||
project_id = "my-project"
|
||||
authorized_networks = var.authorized_networks
|
||||
availability_type = var.availability_type
|
||||
backup_configuration = var.backup_configuration
|
||||
database_version = var.database_version
|
||||
databases = var.databases
|
||||
disk_size = var.disk_size
|
||||
disk_type = var.disk_type
|
||||
flags = var.flags
|
||||
labels = var.labels
|
||||
name = var.name
|
||||
network = var.network
|
||||
prefix = var.prefix
|
||||
region = var.region
|
||||
replicas = var.replicas
|
||||
users = var.users
|
||||
tier = var.tier
|
||||
deletion_protection = var.deletion_protection
|
||||
ipv4_enabled = var.ipv4_enabled
|
||||
}
|
|
@ -1,119 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "authorized_networks" {
|
||||
type = map(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "availability_type" {
|
||||
type = string
|
||||
default = "ZONAL"
|
||||
}
|
||||
|
||||
variable "backup_configuration" {
|
||||
type = object({
|
||||
enabled = bool
|
||||
binary_log_enabled = bool
|
||||
start_time = string
|
||||
location = string
|
||||
log_retention_days = number
|
||||
retention_count = number
|
||||
})
|
||||
default = {
|
||||
enabled = false
|
||||
binary_log_enabled = false
|
||||
start_time = "23:00"
|
||||
location = "EU"
|
||||
log_retention_days = 7
|
||||
retention_count = 7
|
||||
}
|
||||
}
|
||||
|
||||
variable "database_version" {
|
||||
type = string
|
||||
default = "POSTGRES_13"
|
||||
}
|
||||
|
||||
variable "databases" {
|
||||
type = list(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "disk_size" {
|
||||
type = number
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "disk_type" {
|
||||
type = string
|
||||
default = "PD_SSD"
|
||||
}
|
||||
|
||||
variable "flags" {
|
||||
type = map(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "labels" {
|
||||
type = map(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
type = string
|
||||
default = "db"
|
||||
}
|
||||
|
||||
variable "network" {
|
||||
type = string
|
||||
default = "projects/xxx/global/networks/yyy"
|
||||
}
|
||||
|
||||
variable "prefix" {
|
||||
type = string
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
type = string
|
||||
default = "europe-west1"
|
||||
}
|
||||
|
||||
variable "replicas" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "users" {
|
||||
type = map(string)
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "tier" {
|
||||
type = string
|
||||
default = "db-g1-small"
|
||||
}
|
||||
|
||||
variable "deletion_protection" {
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
variable "ipv4_enabled" {
|
||||
type = bool
|
||||
default = false
|
||||
}
|
|
@ -1,152 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from collections import Counter
|
||||
|
||||
|
||||
def test_simple_instance(plan_runner):
|
||||
"Test standalone instance."
|
||||
|
||||
_, resources = plan_runner()
|
||||
assert len(resources) == 1
|
||||
r = resources[0]
|
||||
assert r['values']['project'] == 'my-project'
|
||||
assert r['values']['name'] == 'db'
|
||||
assert r['values']['region'] == 'europe-west1'
|
||||
|
||||
|
||||
def test_prefix(plan_runner):
|
||||
"Test instance prefix."
|
||||
|
||||
_, resources = plan_runner(prefix="prefix")
|
||||
assert len(resources) == 1
|
||||
r = resources[0]
|
||||
assert r['values']['name'] == 'prefix-db'
|
||||
|
||||
replicas = """{
|
||||
replica1 = { region = "europe-west3", encryption_key_name = null }
|
||||
replica2 = { region = "us-central1", encryption_key_name = null }
|
||||
}"""
|
||||
|
||||
_, resources = plan_runner(prefix="prefix")
|
||||
assert len(resources) == 1
|
||||
r = resources[0]
|
||||
assert r['values']['name'] == 'prefix-db'
|
||||
|
||||
|
||||
def test_replicas(plan_runner):
|
||||
"Test replicated instance."
|
||||
|
||||
replicas = """{
|
||||
replica1 = { region = "europe-west3", encryption_key_name = null }
|
||||
replica2 = { region = "us-central1", encryption_key_name = null }
|
||||
}"""
|
||||
|
||||
_, resources = plan_runner(replicas=replicas, prefix="prefix")
|
||||
assert len(resources) == 3
|
||||
|
||||
primary = [r for r in resources if r['name'] == 'primary'][0]
|
||||
replica1 = [
|
||||
r for r in resources
|
||||
if r['name'] == 'replicas' and r['index'] == 'replica1'
|
||||
][0]
|
||||
replica2 = [
|
||||
r for r in resources
|
||||
if r['name'] == 'replicas' and r['index'] == 'replica2'
|
||||
][0]
|
||||
|
||||
assert replica1['values']['name'] == 'prefix-replica1'
|
||||
assert replica2['values']['name'] == 'prefix-replica2'
|
||||
|
||||
assert replica1['values']['master_instance_name'] == 'prefix-db'
|
||||
assert replica2['values']['master_instance_name'] == 'prefix-db'
|
||||
|
||||
assert replica1['values']['region'] == 'europe-west3'
|
||||
assert replica2['values']['region'] == 'us-central1'
|
||||
|
||||
|
||||
def test_mysql_replicas_enables_backup(plan_runner):
|
||||
"Test MySQL backup setup with replicas."
|
||||
|
||||
replicas = """{
|
||||
replica1 = { region = "europe-west3", encryption_key_name = null }
|
||||
}"""
|
||||
_, resources = plan_runner(replicas=replicas, database_version="MYSQL_8_0")
|
||||
assert len(resources) == 2
|
||||
primary = [r for r in resources if r['name'] == 'primary'][0]
|
||||
backup_config = primary['values']['settings'][0]['backup_configuration'][0]
|
||||
assert backup_config['enabled']
|
||||
assert backup_config['binary_log_enabled']
|
||||
|
||||
|
||||
def test_mysql_binary_log_for_regional(plan_runner):
|
||||
"Test that the binary log will be enabled for regional MySQL DBs."
|
||||
|
||||
_, resources = plan_runner(database_version="MYSQL_8_0", availability_type="REGIONAL")
|
||||
assert len(resources) == 1
|
||||
primary = [r for r in resources if r['name'] == 'primary'][0]
|
||||
backup_config = primary['values']['settings'][0]['backup_configuration'][0]
|
||||
assert backup_config['enabled']
|
||||
assert backup_config['binary_log_enabled']
|
||||
|
||||
|
||||
def test_users(plan_runner):
|
||||
"Test user creation."
|
||||
|
||||
users = """{
|
||||
user1 = "123"
|
||||
user2 = null
|
||||
}"""
|
||||
|
||||
_, resources = plan_runner(users=users)
|
||||
types = Counter(r['type'] for r in resources)
|
||||
assert types == {
|
||||
'google_sql_user': 2,
|
||||
'google_sql_database_instance': 1,
|
||||
'random_password': 1
|
||||
}
|
||||
|
||||
|
||||
def test_databases(plan_runner):
|
||||
"Test database creation."
|
||||
|
||||
databases = '["db1", "db2"]'
|
||||
_, resources = plan_runner(databases=databases)
|
||||
|
||||
resources = [r for r in resources if r['type'] == 'google_sql_database']
|
||||
assert len(resources) == 2
|
||||
assert all(r['values']['instance'] == "db" for r in resources)
|
||||
assert sorted(r['values']['name'] for r in resources) == ["db1", "db2"]
|
||||
|
||||
|
||||
def test_simple_instance_ipv4_enable(plan_runner):
|
||||
"Test instance ipv4_enabled."
|
||||
|
||||
_, resources = plan_runner(ipv4_enabled="true")
|
||||
assert len(resources) == 1
|
||||
assert resources[0]['values']['settings'][0]['ip_configuration'][0]['ipv4_enabled']
|
||||
|
||||
|
||||
def test_replicas_ipv4_enable(plan_runner):
|
||||
"Test replicas ipv4_enabled."
|
||||
|
||||
replicas = """{
|
||||
replica1 = { region = "europe-west3", encryption_key_name = null }
|
||||
}"""
|
||||
|
||||
_, resources = plan_runner(replicas=replicas, ipv4_enabled="true")
|
||||
|
||||
assert len(resources) == 2
|
||||
assert all([r['values']['settings'][0]['ip_configuration'][0]['ipv4_enabled'] for r in resources])
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.container_registry.google_container_registry.registry:
|
||||
location: EU
|
||||
project: myproject
|
||||
module.container_registry.google_storage_bucket_iam_binding.bindings["roles/storage.admin"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:cicd@example.com
|
||||
role: roles/storage.admin
|
||||
|
||||
counts:
|
||||
google_container_registry: 1
|
||||
google_storage_bucket_iam_binding: 1
|
|
@ -1,24 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/container-registry"
|
||||
project_id = "my-project"
|
||||
location = var.location
|
||||
iam = {
|
||||
"roles/storage.admin" = ["user:me@example.com"]
|
||||
}
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "location" {
|
||||
type = string
|
||||
default = "EU"
|
||||
}
|
|
@ -1,13 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
|
@ -0,0 +1,32 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.endpoint.google_endpoints_service.default:
|
||||
openapi_config: "# tftest-file id=openapi path=configs/endpoints/openapi.yaml\n\
|
||||
swagger: \"2.0\"\ninfo:\n description: \"A simple Google Cloud Endpoints API\
|
||||
\ example.\"\n title: \"Endpoints Example\"\n version: \"1.0.0\"\nhost: \"\
|
||||
echo-api.endpoints.YOUR-PROJECT-ID.cloud.goog\"\n"
|
||||
project: my-project
|
||||
service_name: YOUR-API.endpoints.YOUR-PROJECT-ID.cloud.goog
|
||||
module.endpoint.google_endpoints_service_iam_binding.default["servicemanagement.serviceController"]:
|
||||
condition: []
|
||||
members:
|
||||
- serviceAccount:123456890-compute@developer.gserviceaccount.com
|
||||
role: servicemanagement.serviceController
|
||||
service_name: YOUR-API.endpoints.YOUR-PROJECT-ID.cloud.goog
|
||||
|
||||
counts:
|
||||
google_endpoints_service: 1
|
||||
google_endpoints_service_iam_binding: 1
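Review bot: The IAM binding pinned here uses `servicemanagement.serviceController` without the `roles/` prefix, both as the resource key and in `role:`, whereas the fixture this commit deletes bound `roles/servicemanagement.serviceController`. A plan-only comparison accepts either string, so the inventory would lock in a role name that looks likely to be rejected when the binding is actually applied. The value presumably comes from the README example, which is outside this section; if so, correct it there and regenerate the inventory so the line reads `role: roles/servicemanagement.serviceController`.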
|
|
@ -1,25 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/endpoints"
|
||||
project_id = "my-project"
|
||||
service_name = var.service_name
|
||||
openapi_config = { "yaml_path" = "openapi.yaml" }
|
||||
iam = {
|
||||
"roles/servicemanagement.serviceController" = ["user:me@example.com"]
|
||||
}
|
||||
}
|
|
@ -1,13 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
|
@ -1,20 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "service_name" {
|
||||
type = string
|
||||
default = "foo.endpoints.test.cloud.goog"
|
||||
}
|
|
@ -1,13 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -12,23 +12,18 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import pytest
|
||||
values:
|
||||
module.bucket-billing-account.google_logging_billing_account_bucket_config.bucket[0]:
|
||||
billing_account: '012345'
|
||||
bucket_id: mybucket
|
||||
location: global
|
||||
retention_days: 30
|
||||
module.bucket-organization.google_logging_organization_bucket_config.bucket[0]:
|
||||
bucket_id: mybucket
|
||||
location: global
|
||||
organization: organizations/012345
|
||||
retention_days: 30
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def resources(plan_runner):
|
||||
_, resources = plan_runner()
|
||||
return resources
|
||||
|
||||
|
||||
def test_resource_count(resources):
|
||||
"Test number of resources created."
|
||||
assert len(resources) == 2
|
||||
|
||||
|
||||
def test_iam(resources):
|
||||
"Test IAM binding resources."
|
||||
bindings = [r['values'] for r in resources if r['type']
|
||||
== 'google_storage_bucket_iam_binding']
|
||||
assert len(bindings) == 1
|
||||
assert bindings[0]['role'] == 'roles/storage.admin'
|
||||
counts:
|
||||
google_logging_billing_account_bucket_config: 1
|
||||
google_logging_organization_bucket_config: 1
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -11,3 +11,13 @@
|
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bucket.google_logging_project_bucket_config.bucket[0]:
|
||||
bucket_id: mybucket
|
||||
location: global
|
||||
project: project-id
|
||||
retention_days: 30
|
||||
|
||||
counts:
|
||||
google_logging_project_bucket_config: 1
|
|
@ -0,0 +1,26 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.bucket-default.google_logging_folder_bucket_config.bucket[0]:
|
||||
bucket_id: _Default
|
||||
location: global
|
||||
retention_days: 10
|
||||
module.folder.google_folder.folder[0]:
|
||||
display_name: my folder
|
||||
parent: folders/657104291943
|
||||
|
||||
counts:
|
||||
google_folder: 1
|
||||
google_logging_folder_bucket_config: 1
|
|
@ -1,24 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/logging-bucket"
|
||||
parent_type = var.parent_type
|
||||
parent = var.parent
|
||||
id = var.id
|
||||
retention = var.retention
|
||||
location = var.location
|
||||
}
|
|
@ -1,42 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "parent" {
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "parent_type" {
|
||||
type = string
|
||||
validation {
|
||||
condition = contains(["project", "folder", "organization", "billing_account"], var.parent_type)
|
||||
error_message = "Parent type must be project, folder, organization or billing_account."
|
||||
}
|
||||
}
|
||||
|
||||
variable "location" {
|
||||
type = string
|
||||
default = "global"
|
||||
}
|
||||
|
||||
variable "id" {
|
||||
type = string
|
||||
default = "mybucket"
|
||||
}
|
||||
|
||||
variable "retention" {
|
||||
type = number
|
||||
default = 30
|
||||
}
|
|
@ -1,79 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
def test_project_logging_bucket(plan_runner):
|
||||
"Test project logging bucket."
|
||||
_, resources = plan_runner(parent_type="project", parent="myproject")
|
||||
assert len(resources) == 1
|
||||
|
||||
resource = resources[0]
|
||||
assert resource["type"] == "google_logging_project_bucket_config"
|
||||
assert resource["values"] == {
|
||||
"bucket_id": "mybucket",
|
||||
"cmek_settings": [],
|
||||
"enable_analytics": None,
|
||||
"project": "myproject",
|
||||
"location": "global",
|
||||
"retention_days": 30,
|
||||
}
|
||||
|
||||
|
||||
def test_folder_logging_bucket(plan_runner):
|
||||
"Test project logging bucket."
|
||||
_, resources = plan_runner(parent_type="folder", parent="folders/0123456789")
|
||||
assert len(resources) == 1
|
||||
|
||||
resource = resources[0]
|
||||
assert resource["type"] == "google_logging_folder_bucket_config"
|
||||
assert resource["values"] == {
|
||||
"bucket_id": "mybucket",
|
||||
"cmek_settings": [],
|
||||
"folder": "folders/0123456789",
|
||||
"location": "global",
|
||||
"retention_days": 30,
|
||||
}
|
||||
|
||||
|
||||
def test_organization_logging_bucket(plan_runner):
|
||||
"Test project logging bucket."
|
||||
_, resources = plan_runner(parent_type="organization",
|
||||
parent="organizations/0123456789")
|
||||
assert len(resources) == 1
|
||||
|
||||
resource = resources[0]
|
||||
assert resource["type"] == "google_logging_organization_bucket_config"
|
||||
assert resource["values"] == {
|
||||
"bucket_id": "mybucket",
|
||||
"cmek_settings": [],
|
||||
"organization": "organizations/0123456789",
|
||||
"location": "global",
|
||||
"retention_days": 30,
|
||||
}
|
||||
|
||||
|
||||
def test_billing_account_logging_bucket(plan_runner):
|
||||
"Test project logging bucket."
|
||||
_, resources = plan_runner(parent_type="billing_account", parent="0123456789")
|
||||
assert len(resources) == 1
|
||||
|
||||
resource = resources[0]
|
||||
assert resource["type"] == "google_logging_billing_account_bucket_config"
|
||||
assert resource["values"] == {
|
||||
"bucket_id": "mybucket",
|
||||
"cmek_settings": [],
|
||||
"billing_account": "0123456789",
|
||||
"location": "global",
|
||||
"retention_days": 30,
|
||||
}
|
|
@ -1,13 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
|
@ -0,0 +1,31 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.pubsub.google_pubsub_subscription.default["test-bigquery"]:
|
||||
bigquery_config:
|
||||
- drop_unknown_fields: true
|
||||
table: my_project_id:my_dataset.my_table
|
||||
use_topic_schema: true
|
||||
write_metadata: false
|
||||
name: test-bigquery
|
||||
project: my-project
|
||||
topic: my-topic
|
||||
module.pubsub.google_pubsub_topic.default:
|
||||
name: my-topic
|
||||
project: my-project
|
||||
|
||||
counts:
|
||||
google_pubsub_subscription: 1
|
||||
google_pubsub_topic: 1
|
|
@ -0,0 +1,30 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.pubsub.google_pubsub_subscription.default["test-push"]:
|
||||
name: test-push
|
||||
project: my-project
|
||||
push_config:
|
||||
- attributes: null
|
||||
oidc_token: []
|
||||
push_endpoint: https://example.com/foo
|
||||
topic: my-topic
|
||||
module.pubsub.google_pubsub_topic.default:
|
||||
name: my-topic
|
||||
project: my-project
|
||||
|
||||
counts:
|
||||
google_pubsub_subscription: 1
|
||||
google_pubsub_topic: 1
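Review bot: The `push_config` entry pins `oidc_token: []`, so the only push subscription covered by this inventory delivers to `https://example.com/foo` with no identity token attached. I would add a comment above `push_config`, for example `# unauthenticated push: oidc_token intentionally empty`, so that readers do not take this as the recommended shape. If the module exposes `oidc_token` (its variables are not visible in this section), a second example with its own inventory could pin `service_account_email` and `audience` for the authenticated path.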
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -12,23 +12,18 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import pytest
|
||||
values:
|
||||
module.topic_with_schema.google_pubsub_schema.default[0]:
|
||||
definition: '{"fields":[{"name":"StringField","type":"string"},{"name":"FloatField","type":"float"},{"name":"BooleanField","type":"boolean"}],"name":"Avro","type":"record"}'
|
||||
name: my-topic-schema
|
||||
project: my-project
|
||||
type: AVRO
|
||||
module.topic_with_schema.google_pubsub_topic.default:
|
||||
name: my-topic
|
||||
project: my-project
|
||||
schema_settings:
|
||||
- encoding: JSON
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def resources(plan_runner):
|
||||
_, resources = plan_runner()
|
||||
return resources
|
||||
|
||||
|
||||
def test_resource_count(resources):
|
||||
"Test number of resources created."
|
||||
assert len(resources) == 2
|
||||
|
||||
|
||||
def test_iam(resources):
|
||||
"Test IAM binding resources."
|
||||
bindings = [r['values'] for r in resources if r['type']
|
||||
== 'google_endpoints_service_iam_binding']
|
||||
assert len(bindings) == 1
|
||||
assert bindings[0]['role'] == 'roles/servicemanagement.serviceController'
|
||||
counts:
|
||||
google_pubsub_schema: 1
|
||||
google_pubsub_topic: 1
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.pubsub.google_pubsub_topic.default:
|
||||
name: my-topic
|
||||
project: my-project
|
||||
module.pubsub.google_pubsub_topic_iam_binding.default["roles/pubsub.subscriber"]:
|
||||
condition: []
|
||||
members:
|
||||
- user:user1@example.com
|
||||
project: my-project
|
||||
role: roles/pubsub.subscriber
|
||||
topic: my-topic
|
||||
module.pubsub.google_pubsub_topic_iam_binding.default["roles/pubsub.viewer"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:foo@example.com
|
||||
project: my-project
|
||||
role: roles/pubsub.viewer
|
||||
topic: my-topic
|
||||
|
||||
counts:
|
||||
google_pubsub_topic: 1
|
||||
google_pubsub_topic_iam_binding: 2
|
|
@ -0,0 +1,27 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.pubsub.google_pubsub_subscription_iam_binding.default["test-1.roles/pubsub.subscriber"]:
|
||||
condition: []
|
||||
members:
|
||||
- user:user1@ludomagno.net
|
||||
project: my-project
|
||||
role: roles/pubsub.subscriber
|
||||
subscription: test-1
|
||||
|
||||
counts:
|
||||
google_pubsub_subscription: 1
|
||||
google_pubsub_subscription_iam_binding: 1
|
||||
google_pubsub_topic: 1
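Review bot: The binding under `members` uses `user:user1@ludomagno.net`, which is not a reserved example domain, while the topic IAM inventory in this commit uses `user:user1@example.com`. Inventories mirror examples that readers copy, and a copied binding would grant `roles/pubsub.subscriber` to an identity outside the reader's organisation. I would change the line to `- user:user1@example.com`. The example that produces this plan is outside this section and would presumably need the same change.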
|
|
@ -0,0 +1,51 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.pubsub.google_pubsub_subscription.default["test-pull"]:
|
||||
bigquery_config: []
|
||||
dead_letter_policy: []
|
||||
enable_exactly_once_delivery: null
|
||||
enable_message_ordering: null
|
||||
filter: null
|
||||
labels: null
|
||||
message_retention_duration: 604800s
|
||||
name: test-pull
|
||||
project: my-project
|
||||
push_config: []
|
||||
retain_acked_messages: null
|
||||
retry_policy: []
|
||||
topic: my-topic
|
||||
module.pubsub.google_pubsub_subscription.default["test-pull-override"]:
|
||||
bigquery_config: []
|
||||
dead_letter_policy: []
|
||||
enable_exactly_once_delivery: null
|
||||
enable_message_ordering: null
|
||||
filter: null
|
||||
labels:
|
||||
test: override
|
||||
message_retention_duration: 604800s
|
||||
name: test-pull-override
|
||||
project: my-project
|
||||
push_config: []
|
||||
retain_acked_messages: true
|
||||
retry_policy: []
|
||||
topic: my-topic
|
||||
module.pubsub.google_pubsub_topic.default:
|
||||
name: my-topic
|
||||
project: my-project
|
||||
|
||||
counts:
|
||||
google_pubsub_subscription: 2
|
||||
google_pubsub_topic: 1
|
|
@ -1,34 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/pubsub"
|
||||
project_id = "my-project"
|
||||
regions = ["europe-west1"]
|
||||
name = "test"
|
||||
iam = {
|
||||
"roles/pubsub.publisher" = ["user:me@example.com"]
|
||||
}
|
||||
subscriptions = {
|
||||
test = null
|
||||
}
|
||||
subscription_iam = {
|
||||
test = {
|
||||
"roles/pubsub.subscriber" = ["user:me@example.com"]
|
||||
}
|
||||
}
|
||||
labels = var.labels
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "labels" {
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
|
@ -1,50 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import pytest
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def resources(plan_runner):
|
||||
_, resources = plan_runner()
|
||||
return resources
|
||||
|
||||
|
||||
def test_resource_count(resources):
|
||||
"Test number of resources created."
|
||||
assert len(resources) == 4
|
||||
|
||||
|
||||
def test_iam(resources):
|
||||
"Test IAM binding resources."
|
||||
bindings = [r['values'] for r in resources if r['type']
|
||||
== 'google_pubsub_topic_iam_binding']
|
||||
assert len(bindings) == 1
|
||||
assert bindings[0]['role'] == 'roles/pubsub.publisher'
|
||||
|
||||
|
||||
def test_subscriptions(resources):
|
||||
"Test subscription resources."
|
||||
subs = [r['values'] for r in resources if r['type']
|
||||
== 'google_pubsub_subscription']
|
||||
assert len(subs) == 1
|
||||
assert set(s['name'] for s in subs) == set(['test'])
|
||||
|
||||
|
||||
def test_subscription_iam(resources):
|
||||
"Test subscription IAM binding resources."
|
||||
bindings = [r['values'] for r in resources if r['type']
|
||||
== 'google_pubsub_subscription_iam_binding']
|
||||
assert len(bindings) == 1
|
||||
assert set(b['role'] for b in bindings) == set(['roles/pubsub.subscriber'])
|
|
@ -1,13 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
|
@ -0,0 +1,46 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.secret-manager.google_secret_manager_secret.default["test-auto"]:
|
||||
project: my-project
|
||||
replication:
|
||||
- automatic: true
|
||||
user_managed: []
|
||||
secret_id: test-auto
|
||||
module.secret-manager.google_secret_manager_secret.default["test-manual"]:
|
||||
project: my-project
|
||||
replication:
|
||||
- automatic: null
|
||||
user_managed:
|
||||
- replicas:
|
||||
- customer_managed_encryption: []
|
||||
location: europe-west1
|
||||
- customer_managed_encryption: []
|
||||
location: europe-west4
|
||||
secret_id: test-manual
|
||||
module.secret-manager.google_secret_manager_secret_iam_binding.default["test-auto.roles/secretmanager.secretAccessor"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:auto-readers@example.com
|
||||
role: roles/secretmanager.secretAccessor
|
||||
module.secret-manager.google_secret_manager_secret_iam_binding.default["test-manual.roles/secretmanager.secretAccessor"]:
|
||||
condition: []
|
||||
members:
|
||||
- group:manual-readers@example.com
|
||||
role: roles/secretmanager.secretAccessor
|
||||
|
||||
counts:
|
||||
google_secret_manager_secret: 2
|
||||
google_secret_manager_secret_iam_binding: 2
|
|
@ -0,0 +1,28 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.secret-manager.google_secret_manager_secret_version.default["test-auto:v1"]:
|
||||
enabled: false
|
||||
secret_data: auto foo bar baz
|
||||
module.secret-manager.google_secret_manager_secret_version.default["test-auto:v2"]:
|
||||
enabled: true
|
||||
secret_data: auto foo bar spam
|
||||
module.secret-manager.google_secret_manager_secret_version.default["test-manual:v1"]:
|
||||
enabled: true
|
||||
secret_data: manual foo bar spam
|
||||
|
||||
counts:
|
||||
google_secret_manager_secret: 2
|
||||
google_secret_manager_secret_version: 3
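Review bot: `secret_data` is asserted in clear text for all three versions, and nothing in the file marks the strings as placeholders. The inventory is committed to the repository, so I would add a comment above `values:` such as `# secret_data strings are dummy test values; never pin real secret material in an inventory`. That stops the pattern from being reused with live values when someone adds a new test by copying this file.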
|
|
@ -1,42 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/secret-manager"
|
||||
project_id = "my-project"
|
||||
iam = {
|
||||
secret-1 = {
|
||||
"roles/secretmanager.secretAccessor" = [
|
||||
"serviceAccount:service-account.example.com"
|
||||
]
|
||||
}
|
||||
secret-2 = {
|
||||
"roles/secretmanager.viewer" = [
|
||||
"serviceAccount:service-account.example.com"
|
||||
]
|
||||
}
|
||||
}
|
||||
secrets = {
|
||||
secret-1 = ["europe-west1"],
|
||||
secret-2 = null
|
||||
}
|
||||
versions = {
|
||||
secret-1 = {
|
||||
foobar = { enabled = true, data = "foobar" }
|
||||
}
|
||||
}
|
||||
labels = var.labels
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "labels" {
|
||||
type = map(map(string))
|
||||
default = {}
|
||||
}
|
|
@ -1,36 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import pytest
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def resources(plan_runner):
|
||||
_, resources = plan_runner()
|
||||
return resources
|
||||
|
||||
|
||||
def test_resource_count(resources):
|
||||
"Test number of resources created."
|
||||
assert len(resources) == 5
|
||||
|
||||
|
||||
def test_secret_iam(resources):
|
||||
"Test secret IAM binding resources."
|
||||
bindings = [r['values'] for r in resources if r['type']
|
||||
== 'google_secret_manager_secret_iam_binding']
|
||||
assert len(bindings) == 2
|
||||
assert set(b['role'] for b in bindings) == set([
|
||||
'roles/secretmanager.secretAccessor', 'roles/secretmanager.viewer'
|
||||
])
|
|
@ -1,13 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
|
@ -0,0 +1,35 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.dns-sd.google_dns_managed_zone.non-public[0]:
|
||||
dns_name: apps.example.org.
|
||||
visibility: private
|
||||
module.service-directory.google_service_directory_endpoint.default["app1/one"]:
|
||||
address: 127.0.0.1
|
||||
endpoint_id: one
|
||||
port: 80
|
||||
module.service-directory.google_service_directory_namespace.default:
|
||||
location: europe-west1
|
||||
namespace_id: apps
|
||||
project: my-project
|
||||
module.service-directory.google_service_directory_service.default["app1"]:
|
||||
service_id: app1
|
||||
|
||||
counts:
|
||||
google_dns_managed_zone: 1
|
||||
google_service_directory_endpoint: 1
|
||||
google_service_directory_namespace: 1
|
||||
google_service_directory_namespace_iam_binding: 1
|
||||
google_service_directory_service: 1
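Review bot: `counts` expects one `google_service_directory_namespace_iam_binding`, but `values` has no entry for it. As far as this file shows, the role and members granted on the namespace are therefore unchecked, and a change to either would still pass. I would add the binding under `values` with its `role:` and `members:` keys, the way the namespace IAM inventory in this commit pins `roles/servicedirectory.editor`. The resource key depends on the example, which is outside this section. The next inventory has the same gap for `google_service_directory_service_iam_binding`.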
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.service-directory.google_service_directory_endpoint.default["one/first"]:
|
||||
address: 127.0.0.1
|
||||
endpoint_id: first
|
||||
port: 80
|
||||
module.service-directory.google_service_directory_endpoint.default["one/second"]:
|
||||
address: 127.0.0.2
|
||||
endpoint_id: second
|
||||
port: 80
|
||||
module.service-directory.google_service_directory_namespace.default:
|
||||
location: europe-west1
|
||||
namespace_id: sd-1
|
||||
project: my-project
|
||||
module.service-directory.google_service_directory_service.default["one"]:
|
||||
metadata: null
|
||||
service_id: one
|
||||
|
||||
counts:
|
||||
google_service_directory_endpoint: 2
|
||||
google_service_directory_namespace: 1
|
||||
google_service_directory_service: 1
|
||||
google_service_directory_service_iam_binding: 1
|
|
@ -0,0 +1,33 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.service-directory.google_service_directory_namespace.default:
|
||||
labels: null
|
||||
location: europe-west1
|
||||
namespace_id: sd-1
|
||||
project: my-project
|
||||
module.service-directory.google_service_directory_namespace_iam_binding.default["roles/servicedirectory.editor"]:
|
||||
condition: []
|
||||
members:
|
||||
- serviceAccount:namespace-editor@example.com
|
||||
role: roles/servicedirectory.editor
|
||||
|
||||
counts:
|
||||
google_service_directory_namespace: 1
|
||||
google_service_directory_namespace_iam_binding: 1
|
||||
modules: 1
|
||||
resources: 2
|
||||
|
||||
outputs: {}
|
|
@ -1,55 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/service-directory"
|
||||
project_id = "my-project"
|
||||
location = "europe-west1"
|
||||
name = "ns-test"
|
||||
iam = {
|
||||
"roles/servicedirectory.viewer" = [
|
||||
"serviceAccount:service-editor.example.com"
|
||||
]
|
||||
}
|
||||
services = {
|
||||
srv-one = {
|
||||
endpoints = ["alpha", "beta"]
|
||||
metadata = null
|
||||
}
|
||||
srv-two = {
|
||||
endpoints = ["alpha"]
|
||||
metadata = null
|
||||
}
|
||||
}
|
||||
service_iam = {
|
||||
srv-one = {
|
||||
"roles/servicedirectory.editor" = [
|
||||
"serviceAccount:service-editor.example.com"
|
||||
]
|
||||
}
|
||||
srv-two = {
|
||||
"roles/servicedirectory.admin" = [
|
||||
"serviceAccount:service-editor.example.com"
|
||||
]
|
||||
}
|
||||
}
|
||||
endpoint_config = {
|
||||
"srv-one/alpha" = { address = "127.0.0.1", port = 80, metadata = {} }
|
||||
"srv-one/beta" = { address = "127.0.0.2", port = 80, metadata = {} }
|
||||
"srv-two/alpha" = { address = "127.0.0.3", port = 80, metadata = {} }
|
||||
}
|
||||
labels = var.labels
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "labels" {
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
|
@ -1,52 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import pytest
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def resources(plan_runner):
|
||||
_, resources = plan_runner()
|
||||
return resources
|
||||
|
||||
|
||||
def test_resource_count(resources):
|
||||
"Test number of resources created."
|
||||
assert len(resources) == 9
|
||||
|
||||
|
||||
def test_iam(resources):
|
||||
"Test IAM binding resources."
|
||||
bindings = [r['values'] for r in resources if r['type']
|
||||
== 'google_service_directory_namespace_iam_binding']
|
||||
assert len(bindings) == 1
|
||||
assert bindings[0]['role'] == 'roles/servicedirectory.viewer'
|
||||
|
||||
|
||||
def test_services(resources):
|
||||
"Test service resources."
|
||||
services = [r['values'] for r in resources if r['type']
|
||||
== 'google_service_directory_service']
|
||||
assert len(services) == 2
|
||||
assert set(s['service_id'] for s in services) == set(['srv-one', 'srv-two'])
|
||||
|
||||
|
||||
def test_service_iam(resources):
|
||||
"Test service IAM binding resources."
|
||||
bindings = [r['values'] for r in resources if r['type']
|
||||
== 'google_service_directory_service_iam_binding']
|
||||
assert len(bindings) == 2
|
||||
assert set(b['role'] for b in bindings) == set([
|
||||
'roles/servicedirectory.admin', 'roles/servicedirectory.editor'
|
||||
])
|
|
@ -1,13 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
|
@ -0,0 +1,30 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.repo.google_sourcerepo_repository.default:
|
||||
name: my-repo
|
||||
project: my-project
|
||||
pubsub_configs: []
|
||||
module.repo.google_sourcerepo_repository_iam_binding.authoritative["roles/source.reader"]:
|
||||
condition: []
|
||||
members:
|
||||
- user:foo@example.com
|
||||
project: my-project
|
||||
repository: my-repo
|
||||
role: roles/source.reader
|
||||
|
||||
counts:
|
||||
google_sourcerepo_repository: 1
|
||||
google_sourcerepo_repository_iam_binding: 1
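Review bot: Only the authoritative binding `authoritative["roles/source.reader"]` is pinned here, whereas the fixture removed further down in this commit also wired `group_iam`, `iam_additive` and `iam_additive_members` into the module. Unless other examples outside this view cover them, those IAM paths lose their plan-level checks in the migration. I would add an example that sets `group_iam` and `iam_additive`, with an inventory pinning the resulting `role` and `members` values. Additive and group bindings are where an unintended grant is easiest to miss.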
|
|
@ -0,0 +1,40 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.repo.google_cloudbuild_trigger.default["foo"]:
|
||||
filename: ci/workflow-foo.yaml
|
||||
included_files:
|
||||
- '**/*tf'
|
||||
location: global
|
||||
name: foo
|
||||
project: my-project
|
||||
substitutions:
|
||||
BAR: '1'
|
||||
trigger_template:
|
||||
- branch_name: main
|
||||
commit_sha: null
|
||||
dir: null
|
||||
invert_regex: null
|
||||
repo_name: my-repo
|
||||
tag_name: null
|
||||
webhook_config: []
|
||||
module.repo.google_sourcerepo_repository.default:
|
||||
name: my-repo
|
||||
project: my-project
|
||||
pubsub_configs: []
|
||||
|
||||
counts:
|
||||
google_cloudbuild_trigger: 1
|
||||
google_sourcerepo_repository: 1
|
|
@ -1,65 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "group_iam" {
|
||||
type = any
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "iam" {
|
||||
type = any
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "iam_additive" {
|
||||
type = any
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "iam_additive_members" {
|
||||
type = any
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "name" {
|
||||
description = "Repository name."
|
||||
type = string
|
||||
default = "test"
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
description = "Project used for resources."
|
||||
type = string
|
||||
default = "test"
|
||||
}
|
||||
|
||||
variable "triggers" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/source-repository"
|
||||
project_id = var.project_id
|
||||
name = var.name
|
||||
group_iam = var.group_iam
|
||||
iam = var.iam
|
||||
iam_additive = var.iam_additive
|
||||
iam_additive_members = var.iam_additive_members
|
||||
triggers = var.triggers
|
||||
}
|
|
@ -1,60 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
def test_resource_count(plan_runner):
|
||||
'Test number of resources created.'
|
||||
_, resources = plan_runner()
|
||||
assert len(resources) == 1
|
||||
|
||||
|
||||
def test_iam(plan_runner):
|
||||
'Test IAM binding resources.'
|
||||
group_iam = '{"fooers@example.org"=["roles/owner"]}'
|
||||
iam = '''{
|
||||
"roles/editor" = ["user:a@example.org", "user:b@example.org"]
|
||||
"roles/owner" = ["user:c@example.org"]
|
||||
}'''
|
||||
_, resources = plan_runner(group_iam=group_iam, iam=iam)
|
||||
bindings = {
|
||||
r['values']['role']: r['values']['members']
|
||||
for r in resources
|
||||
if r['type'] == 'google_sourcerepo_repository_iam_binding'
|
||||
}
|
||||
assert bindings == {
|
||||
'roles/editor': ['user:a@example.org', 'user:b@example.org'],
|
||||
'roles/owner': ['group:fooers@example.org', 'user:c@example.org']
|
||||
}
|
||||
|
||||
|
||||
def test_triggers(plan_runner):
|
||||
'Test trigger resources.'
|
||||
triggers = '''{
|
||||
foo = {
|
||||
filename = "ci/foo.yaml"
|
||||
included_files = ["**/*yaml"]
|
||||
service_account = null
|
||||
substitutions = null
|
||||
template = {
|
||||
branch_name = null
|
||||
project_id = null
|
||||
tag_name = "foo"
|
||||
}
|
||||
}
|
||||
}'''
|
||||
_, resources = plan_runner(triggers=triggers)
|
||||
triggers = [
|
||||
r['index'] for r in resources if r['type'] == 'google_cloudbuild_trigger'
|
||||
]
|
||||
assert triggers == ['foo']
|
|
@ -1,13 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
|
@ -0,0 +1,56 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.test.google_access_context_manager_access_level.basic["a1"]:
|
||||
basic:
|
||||
- combining_function: AND
|
||||
conditions:
|
||||
- device_policy: []
|
||||
ip_subnetworks: []
|
||||
members:
|
||||
- user:user1@example.com
|
||||
negate: null
|
||||
regions: []
|
||||
required_access_levels: []
|
||||
custom: []
|
||||
name: accessPolicies/12345678/accessLevels/a1
|
||||
parent: accessPolicies/12345678
|
||||
title: a1
|
||||
module.test.google_access_context_manager_access_level.basic["a2"]:
|
||||
basic:
|
||||
- combining_function: OR
|
||||
conditions:
|
||||
- device_policy: []
|
||||
ip_subnetworks:
|
||||
- 101.101.101.0/24
|
||||
members: []
|
||||
negate: null
|
||||
regions: []
|
||||
required_access_levels: []
|
||||
- device_policy: []
|
||||
ip_subnetworks: []
|
||||
members: []
|
||||
negate: null
|
||||
regions:
|
||||
- IT
|
||||
- FR
|
||||
required_access_levels: []
|
||||
custom: []
|
||||
name: accessPolicies/12345678/accessLevels/a2
|
||||
parent: accessPolicies/12345678
|
||||
title: a2
|
||||
|
||||
counts:
|
||||
google_access_context_manager_access_level: 2
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -11,3 +11,12 @@
|
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.test.google_access_context_manager_access_policy.default[0]:
|
||||
parent: organizations/123456
|
||||
scopes: null
|
||||
title: vpcsc-policy
|
||||
|
||||
counts:
|
||||
google_access_context_manager_access_policy: 1
|
|
@ -0,0 +1,58 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.test.google_access_context_manager_service_perimeter.bridge["b1"]:
|
||||
description: null
|
||||
name: accessPolicies/12345678/servicePerimeters/b1
|
||||
parent: accessPolicies/12345678
|
||||
perimeter_type: PERIMETER_TYPE_BRIDGE
|
||||
spec: []
|
||||
status:
|
||||
- access_levels: null
|
||||
egress_policies: []
|
||||
ingress_policies: []
|
||||
resources:
|
||||
- projects/111110
|
||||
- projects/111111
|
||||
restricted_services: null
|
||||
vpc_accessible_services: []
|
||||
title: b1
|
||||
use_explicit_dry_run_spec: false
|
||||
module.test.google_access_context_manager_service_perimeter.bridge["b2"]:
|
||||
description: null
|
||||
name: accessPolicies/12345678/servicePerimeters/b2
|
||||
parent: accessPolicies/12345678
|
||||
perimeter_type: PERIMETER_TYPE_BRIDGE
|
||||
spec:
|
||||
- access_levels: null
|
||||
egress_policies: []
|
||||
ingress_policies: []
|
||||
resources:
|
||||
- projects/222220
|
||||
- projects/222221
|
||||
restricted_services: null
|
||||
vpc_accessible_services: []
|
||||
status:
|
||||
- access_levels: null
|
||||
egress_policies: []
|
||||
ingress_policies: []
|
||||
resources: []
|
||||
restricted_services: null
|
||||
vpc_accessible_services: []
|
||||
title: b2
|
||||
use_explicit_dry_run_spec: true
|
||||
|
||||
counts:
|
||||
google_access_context_manager_service_perimeter: 2
|
|
@ -0,0 +1,93 @@
|
|||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.test.google_access_context_manager_access_level.basic["a1"]:
|
||||
basic:
|
||||
- combining_function: AND
|
||||
conditions:
|
||||
- device_policy: []
|
||||
ip_subnetworks: []
|
||||
members:
|
||||
- user:user1@example.com
|
||||
negate: null
|
||||
regions: []
|
||||
required_access_levels: []
|
||||
custom: []
|
||||
name: accessPolicies/12345678/accessLevels/a1
|
||||
parent: accessPolicies/12345678
|
||||
title: a1
|
||||
module.test.google_access_context_manager_access_level.basic["a2"]:
|
||||
basic:
|
||||
- combining_function: AND
|
||||
conditions:
|
||||
- device_policy: []
|
||||
ip_subnetworks: []
|
||||
members:
|
||||
- user:user2@example.com
|
||||
negate: null
|
||||
regions: []
|
||||
required_access_levels: []
|
||||
custom: []
|
||||
name: accessPolicies/12345678/accessLevels/a2
|
||||
parent: accessPolicies/12345678
|
||||
title: a2
|
||||
module.test.google_access_context_manager_service_perimeter.regular["r1"]:
|
||||
name: accessPolicies/12345678/servicePerimeters/r1
|
||||
parent: accessPolicies/12345678
|
||||
perimeter_type: PERIMETER_TYPE_REGULAR
|
||||
spec: []
|
||||
status:
|
||||
- egress_policies:
|
||||
- egress_from:
|
||||
- identities:
|
||||
- serviceAccount:foo@myproject.iam.gserviceaccount.com
|
||||
identity_type: ANY_IDENTITY
|
||||
egress_to:
|
||||
- external_resources: null
|
||||
operations:
|
||||
- method_selectors:
|
||||
- method: '*'
|
||||
permission: null
|
||||
service_name: storage.googleapis.com
|
||||
resources:
|
||||
- projects/123456789
|
||||
ingress_policies:
|
||||
- ingress_from:
|
||||
- identities:
|
||||
- serviceAccount:test-tf@myproject.iam.gserviceaccount.com
|
||||
identity_type: null
|
||||
sources:
|
||||
- resource: null
|
||||
ingress_to:
|
||||
- operations:
|
||||
- method_selectors: []
|
||||
service_name: '*'
|
||||
resources:
|
||||
- '*'
|
||||
resources:
|
||||
- projects/11111
|
||||
- projects/111111
|
||||
restricted_services:
|
||||
- storage.googleapis.com
|
||||
vpc_accessible_services:
|
||||
- allowed_services:
|
||||
- storage.googleapis.com
|
||||
enable_restriction: true
|
||||
title: r1
|
||||
use_explicit_dry_run_spec: false
|
||||
|
||||
counts:
|
||||
google_access_context_manager_access_level: 2
|
||||
google_access_context_manager_service_perimeter: 1
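Review bot: The expected plan for perimeter `r1` pins `identity_type: ANY_IDENTITY` in `egress_from` next to an explicit `identities` list. As far as I can tell from the Access Context Manager API, `identities` is only consulted when the identity type is left unspecified, so the named service account would not narrow egress here. The same inventory pins an ingress rule with `service_name: '*'` and `resources: ['*']`, so the test locks in a broad sample policy that readers are likely to copy. The example that produces this plan is outside this section, so this is inferred from the inventory alone; if identity-scoped egress is what the example means to show, it should leave the identity type unset so that this file expects `identity_type: null`. Otherwise add a comment above `values:` such as `# r1 intentionally uses ANY_IDENTITY and wildcard ingress as sample values; scope both in real perimeters`.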
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2022 Google LLC
|
||||
# Copyright 2023 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -11,3 +11,13 @@
|
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
values:
|
||||
module.test.google_access_context_manager_access_policy.default[0]:
|
||||
parent: organizations/123456
|
||||
scopes:
|
||||
- folders/456789
|
||||
title: vpcsc-policy
|
||||
|
||||
counts:
|
||||
google_access_context_manager_access_policy: 1
|
|
@ -1,26 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
module "test" {
|
||||
source = "../../../../modules/vpc-sc"
|
||||
access_policy = var.access_policy
|
||||
access_policy_create = var.access_policy_create
|
||||
access_levels = var.access_levels
|
||||
egress_policies = var.egress_policies
|
||||
ingress_policies = var.ingress_policies
|
||||
service_perimeters_bridge = var.service_perimeters_bridge
|
||||
service_perimeters_regular = var.service_perimeters_regular
|
||||
}
|
|
@ -1,96 +0,0 @@
|
|||
access_levels = {
|
||||
a1 = {
|
||||
combining_function = null
|
||||
conditions = [
|
||||
{
|
||||
device_policy = null
|
||||
ip_subnetworks = null
|
||||
members = ["user:ludomagno@google.com"]
|
||||
negate = null
|
||||
regions = null
|
||||
required_access_levels = null
|
||||
}
|
||||
]
|
||||
}
|
||||
a2 = {
|
||||
combining_function = "OR"
|
||||
conditions = [
|
||||
{
|
||||
device_policy = null
|
||||
ip_subnetworks = null
|
||||
members = null
|
||||
negate = null
|
||||
regions = ["IT", "FR"]
|
||||
required_access_levels = null
|
||||
},
|
||||
{
|
||||
device_policy = null
|
||||
ip_subnetworks = null
|
||||
members = null
|
||||
negate = null
|
||||
regions = ["US"]
|
||||
required_access_levels = null
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
egress_policies = {
|
||||
foo = {
|
||||
from = {
|
||||
identities = ["user:foo@example.com"]
|
||||
}
|
||||
to = {
|
||||
resources = ["projects/333330"]
|
||||
}
|
||||
}
|
||||
}
|
||||
ingress_policies = {
|
||||
foo = {
|
||||
from = {
|
||||
source_access_levels = ["a2"]
|
||||
source_resources = ["projects/333330"]
|
||||
}
|
||||
to = {
|
||||
operations = [{
|
||||
service_name = "compute.googleapis.com"
|
||||
}]
|
||||
resources = ["projects/222220"]
|
||||
}
|
||||
}
|
||||
}
|
||||
service_perimeters_bridge = {
|
||||
b1 = {
|
||||
status_resources = ["projects/111110", "projects/111111"]
|
||||
}
|
||||
b2 = {
|
||||
status_resources = ["projects/111110", "projects/222220"]
|
||||
spec_resources = ["projects/111110", "projects/222220"]
|
||||
use_explicit_dry_run_spec = true
|
||||
}
|
||||
}
|
||||
service_perimeters_regular = {
|
||||
r1 = {
|
||||
status = {
|
||||
access_levels = ["a1"]
|
||||
resources = ["projects/11111", "projects/111111"]
|
||||
restricted_services = ["storage.googleapis.com"]
|
||||
vpc_accessible_services = {
|
||||
allowed_services = ["compute.googleapis.com"]
|
||||
enable_restriction = true
|
||||
}
|
||||
}
|
||||
}
|
||||
r2 = {
|
||||
status = {
|
||||
access_levels = ["a1", "a2"]
|
||||
resources = ["projects/222220", "projects/222221"]
|
||||
restricted_services = ["storage.googleapis.com"]
|
||||
egress_policies = ["foo"]
|
||||
ingress_policies = ["foo"]
|
||||
vpc_accessible_services = {
|
||||
allowed_services = ["compute.googleapis.com"]
|
||||
enable_restriction = true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,53 +0,0 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
variable "access_levels" {
|
||||
type = any
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "access_policy" {
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "access_policy_create" {
|
||||
type = any
|
||||
default = null
|
||||
}
|
||||
|
||||
variable "egress_policies" {
|
||||
type = any
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "ingress_policies" {
|
||||
type = any
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
||||
|
||||
variable "service_perimeters_bridge" {
|
||||
type = any
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "service_perimeters_regular" {
|
||||
type = any
|
||||
default = {}
|
||||
nullable = false
|
||||
}
|
|
@ -1,45 +0,0 @@
|
|||
# Copyright 2022 Google LLC
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import collections
|
||||
|
||||
|
||||
def test_create_policy(plan_runner):
|
||||
"Test with auto-created policy."
|
||||
access_policy_create = '''{
|
||||
parent = "organizations/123456"
|
||||
title = "vpcsc-policy"
|
||||
}'''
|
||||
_, resources = plan_runner(tf_var_file='test.regular.tfvars',
|
||||
access_policy='null',
|
||||
access_policy_create=access_policy_create)
|
||||
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
|
||||
assert counts == {
|
||||
'google_access_context_manager_access_level.basic': 2,
|
||||
'google_access_context_manager_access_policy.default': 1,
|
||||
'google_access_context_manager_service_perimeter.bridge': 2,
|
||||
'google_access_context_manager_service_perimeter.regular': 2
|
||||
}
|
||||
|
||||
|
||||
def test_use_policy(plan_runner):
|
||||
"Test with existing policy."
|
||||
_, resources = plan_runner(tf_var_file='test.regular.tfvars',
|
||||
access_policy="accessPolicies/foobar")
|
||||
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
|
||||
assert counts == {
|
||||
'google_access_context_manager_access_level.basic': 2,
|
||||
'google_access_context_manager_service_perimeter.bridge': 2,
|
||||
'google_access_context_manager_service_perimeter.regular': 2
|
||||
}
|