Merge pull request #1327 from GoogleCloudPlatform/jccb/migrate-tests

Migrate more tests
Julio Castillo 2023-04-17 09:18:07 +02:00 committed by GitHub
commit c28f7e69e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
86 changed files with 1384 additions and 1605 deletions


@ -32,7 +32,7 @@ module "bigtable-instance" {
"roles/bigtable.user" = ["user:viewer@testdomain.com"]
}
}
# tftest modules=1 resources=4
# tftest modules=1 resources=4 inventory=simple.yaml
```
### Instance with tables and column families
@ -65,7 +65,7 @@ module "bigtable-instance" {
}
}
}
# tftest modules=1 resources=4
# tftest modules=1 resources=4 inventory=columns.yaml
```
### Instance with replication enabled
@ -88,7 +88,7 @@ module "bigtable-instance" {
}
}
}
# tftest modules=1 resources=1
# tftest modules=1 resources=1 inventory=replication.yaml
```
### Instance with garbage collection policy
@ -118,7 +118,7 @@ module "bigtable-instance" {
}
}
}
# tftest modules=1 resources=3
# tftest modules=1 resources=3 inventory=gc.yaml
```
### Instance with default garbage collection policy
@ -172,7 +172,7 @@ module "bigtable-instance" {
}
}
}
# tftest modules=1 resources=1
# tftest modules=1 resources=1 inventory=static.yaml
```
### Instance with autoscaling (based on CPU only)
@ -198,7 +198,7 @@ module "bigtable-instance" {
}
# tftest modules=1 resources=1
# tftest modules=1 resources=1 inventory=autoscaling1.yaml
```
### Instance with autoscaling (based on CPU and/or storage)
@ -222,7 +222,7 @@ module "bigtable-instance" {
}
}
}
# tftest modules=1 resources=1
# tftest modules=1 resources=1 inventory=autoscaling2.yaml
```
<!-- BEGIN TFDOC -->


@ -28,7 +28,7 @@ module "group" {
"service-account@my-gcp-project.iam.gserviceaccount.com"
]
}
# tftest modules=1 resources=4
# tftest modules=1 resources=4 inventory=members.yaml
```
### Group with managers


@ -40,7 +40,7 @@ module "db" {
database_version = "POSTGRES_13"
tier = "db-g1-small"
}
# tftest modules=3 resources=9
# tftest modules=3 resources=9 inventory=simple.yaml
```
## Cross-regional read replica
@ -50,6 +50,7 @@ module "db" {
source = "./fabric/modules/cloudsql-instance"
project_id = var.project_id
network = var.vpc.self_link
prefix = "myprefix"
name = "db"
region = "europe-west1"
database_version = "POSTGRES_13"
@ -60,7 +61,7 @@ module "db" {
replica2 = { region = "us-central1", encryption_key_name = null }
}
}
# tftest modules=1 resources=3
# tftest modules=1 resources=3 inventory=replicas.yaml
```
## Custom flags, databases and users
@ -91,7 +92,7 @@ module "db" {
user2 = "mypassword"
}
}
# tftest modules=1 resources=6
# tftest modules=1 resources=6 inventory=custom.yaml
```
### CMEK encryption
@ -140,6 +141,28 @@ module "db" {
# tftest modules=3 resources=10
```
### Enable public IP
Use `ipv_enabled` to create instances with a public IP.
```hcl
module "db" {
source = "./fabric/modules/cloudsql-instance"
project_id = var.project_id
network = var.vpc.self_link
name = "db"
region = "europe-west1"
tier = "db-g1-small"
database_version = "MYSQL_8_0"
ipv4_enabled = true
replicas = {
replica1 = { region = "europe-west3", encryption_key_name = null }
}
}
# tftest modules=1 resources=2 inventory=public-ip.yaml
```
<!-- BEGIN TFDOC -->
## Variables


@ -13,7 +13,7 @@ module "container_registry" {
"roles/storage.admin" = ["group:cicd@example.com"]
}
}
# tftest modules=1 resources=2
# tftest modules=1 resources=2 inventory=simple.yaml
```
<!-- BEGIN TFDOC -->


@ -18,7 +18,7 @@ module "endpoint" {
]
}
}
# tftest modules=1 resources=2 files=openapi
# tftest modules=1 resources=2 files=openapi inventory=simple.yaml
```
```yaml


@ -17,7 +17,7 @@ module "bucket" {
parent = var.project_id
id = "mybucket"
}
# tftest modules=1 resources=1
# tftest modules=1 resources=1 inventory=project.yaml
```
@ -37,7 +37,25 @@ module "bucket-default" {
id = "_Default"
retention = 10
}
# tftest modules=2 resources=2
# tftest modules=2 resources=2 inventory=retention.yaml
```
### Organization and billing account buckets
```hcl
module "bucket-organization" {
source = "./fabric/modules/logging-bucket"
parent_type = "organization"
parent = "organizations/012345"
id = "mybucket"
}
module "bucket-billing-account" {
source = "./fabric/modules/logging-bucket"
parent_type = "billing_account"
parent = "012345"
id = "mybucket"
}
# tftest modules=2 resources=2 inventory=org-ba.yaml
```
<!-- BEGIN TFDOC -->


@ -16,7 +16,7 @@ module "pubsub" {
"roles/pubsub.subscriber" = ["user:user1@example.com"]
}
}
# tftest modules=1 resources=3
# tftest modules=1 resources=3 inventory=simple.yaml
```
### Topic with schema
@ -48,7 +48,7 @@ module "topic_with_schema" {
})
}
}
# tftest modules=1 resources=2
# tftest modules=1 resources=2 inventory=schema.yaml
```
### Subscriptions
@ -74,7 +74,7 @@ module "pubsub" {
}
}
}
# tftest modules=1 resources=3
# tftest modules=1 resources=3 inventory=subscriptions.yaml
```
### Push subscriptions


@ -45,7 +45,7 @@ module "secret-manager" {
}
}
}
# tftest modules=1 resources=4
# tftest modules=1 resources=4 inventory=iam.yaml
```
### Secret versions
@ -70,7 +70,7 @@ module "secret-manager" {
}
}
}
# tftest modules=1 resources=5
# tftest modules=1 resources=5 inventory=versions.yaml
```
<!-- BEGIN TFDOC -->


@ -21,7 +21,7 @@ module "service-directory" {
]
}
}
# tftest modules=1 resources=2
# tftest modules=1 resources=2 inventory=simple.yaml
```
### Services with IAM and endpoints
@ -50,7 +50,7 @@ module "service-directory" {
"one/second" = { address = "127.0.0.2", port = 80, metadata = {} }
}
}
# tftest modules=1 resources=5
# tftest modules=1 resources=5 inventory=services.yaml
```
### DNS based zone
@ -85,7 +85,7 @@ module "dns-sd" {
client_networks = [var.vpc.self_link]
service_directory_namespace = module.service-directory.id
}
# tftest modules=2 resources=5
# tftest modules=2 resources=5 inventory=dns.yaml
```
<!-- BEGIN TFDOC -->


@ -15,7 +15,7 @@ module "repo" {
"roles/source.reader" = ["user:foo@example.com"]
}
}
# tftest modules=1 resources=2
# tftest modules=1 resources=2 inventory=simple.yaml
```
### Repository with Cloud Build trigger
@ -41,7 +41,7 @@ module "repo" {
}
}
}
# tftest modules=1 resources=2
# tftest modules=1 resources=2 inventory=trigger.yaml
```
<!-- TFDOC OPTS files:1 -->


@ -31,7 +31,7 @@ module "test" {
title = "vpcsc-policy"
}
}
# tftest modules=1 resources=1
# tftest modules=1 resources=1 inventory=access-policy.yaml
```
If you need the module to create a scoped policy for you, specify 'scopes' of the policy in the `access_policy_create` variable:
@ -46,7 +46,7 @@ module "test" {
scopes = ["folders/456789"]
}
}
# tftest modules=1 resources=1
# tftest modules=1 resources=1 inventory=scoped-access-policy.yaml
```
### Access levels
@ -72,7 +72,7 @@ module "test" {
}
}
}
# tftest modules=1 resources=2
# tftest modules=1 resources=2 inventory=access-levels.yaml
```
### Service perimeters
@ -103,7 +103,7 @@ module "test" {
}
}
}
# tftest modules=1 resources=2
# tftest modules=1 resources=2 inventory=bridge.yaml
```
#### Regular type
@ -172,7 +172,7 @@ module "test" {
}
}
}
# tftest modules=1 resources=3
# tftest modules=1 resources=3 inventory=regular.yaml
```
## Notes


@ -0,0 +1,29 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bigtable-instance.google_bigtable_instance.default:
cluster:
- autoscaling_config:
- cpu_target: 70
max_nodes: 7
min_nodes: 3
cluster_id: my-cluster
storage_type: SSD
zone: europe-southwest1-b
name: instance
project: my-project
counts:
google_bigtable_instance: 1


@ -0,0 +1,30 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bigtable-instance.google_bigtable_instance.default:
cluster:
- autoscaling_config:
- cpu_target: 70
max_nodes: 7
min_nodes: 3
storage_target: 4096
cluster_id: my-cluster
storage_type: SSD
zone: europe-southwest1-a
name: instance
project: my-project
counts:
google_bigtable_instance: 1


@ -0,0 +1,38 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bigtable-instance.google_bigtable_table.default["test2"]:
column_family:
- family: cf1
- family: cf2
- family: cf3
instance_name: instance
name: test2
project: my-project
split_keys:
- a
- b
- c
module.bigtable-instance.google_bigtable_table.default["test3"]:
column_family:
- family: cf1
instance_name: instance
name: test3
project: my-project
split_keys: []
counts:
google_bigtable_instance: 1
google_bigtable_table: 3
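Review bot: `counts` expects three `google_bigtable_table` resources, but `values` pins only `default["test2"]` and `default["test3"]`, so the third table (presumably `test1`, whose definition is outside the visible README hunk) is checked for existence only. If that table carries column families or split keys in the example, add its entry under `values` so a regression there is caught; if it is deliberately empty, a one-line comment saying so would help the next reader.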


@ -0,0 +1,29 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bigtable-instance.google_bigtable_gc_policy.default["0"]:
column_family: cf1
deletion_policy: ABANDON
gc_rules: null
instance_name: instance
max_age:
- duration: 18h
max_version: []
mode: null
project: my-project
table: test1
counts:
google_bigtable_gc_policy: 1


@ -0,0 +1,36 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bigtable-instance.google_bigtable_instance.default:
cluster:
- autoscaling_config: []
cluster_id: first-cluster
storage_type: SSD
zone: europe-west1-b
- autoscaling_config: []
cluster_id: second-cluster
storage_type: SSD
zone: europe-southwest1-a
- autoscaling_config: []
cluster_id: third-cluster
storage_type: SSD
zone: us-central1-b
deletion_protection: true
instance_type: PRODUCTION
name: instance
project: my-project
counts:
google_bigtable_instance: 1


@ -0,0 +1,52 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bigtable-instance.google_bigtable_instance.default:
cluster:
- autoscaling_config: []
cluster_id: my-cluster
storage_type: SSD
zone: europe-west1-b
deletion_protection: true
instance_type: PRODUCTION
name: instance
project: my-project
module.bigtable-instance.google_bigtable_instance_iam_binding.default["roles/bigtable.user"]:
condition: []
instance: instance
members:
- user:viewer@testdomain.com
project: my-project
role: roles/bigtable.user
module.bigtable-instance.google_bigtable_table.default["test1"]:
column_family: []
instance_name: instance
name: test1
project: my-project
split_keys: []
module.bigtable-instance.google_bigtable_table.default["test2"]:
column_family: []
instance_name: instance
name: test2
project: my-project
split_keys:
- a
- b
- c
counts:
google_bigtable_instance: 1
google_bigtable_instance_iam_binding: 1
google_bigtable_table: 2


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -11,3 +11,17 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bigtable-instance.google_bigtable_instance.default:
cluster:
- autoscaling_config: []
cluster_id: my-cluster
num_nodes: 5
storage_type: SSD
zone: europe-west1-b
name: instance
project: my-project
counts:
google_bigtable_instance: 1


@ -1,36 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/bigtable-instance"
project_id = "my-project"
name = "test"
iam = {
"roles/bigtable.user" = ["user:me@example.com"]
}
tables = {
test-1 = {},
test-2 = {
split_keys = ["a", "b", "c"]
}
}
clusters = {
test = {
zone = var.zone
}
}
}


@ -1,20 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "zone" {
type = string
default = "europe-west1-b"
}


@ -1,42 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import pytest
@pytest.fixture
def resources(plan_runner):
_, resources = plan_runner()
return resources
def test_resource_count(resources):
"Test number of resources created."
assert len(resources) == 4
def test_iam(resources):
"Test IAM binding resources."
bindings = [r['values'] for r in resources if r['type']
== 'google_bigtable_instance_iam_binding']
assert len(bindings) == 1
assert bindings[0]['role'] == 'roles/bigtable.user'
def test_tables(resources):
"Test table resources."
subs = [r['values'] for r in resources if r['type']
== 'google_bigtable_table']
assert len(subs) == 2
assert set(s['name'] for s in subs) == set(['test-1', 'test-2'])


@ -0,0 +1,26 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.group.google_cloud_identity_group_membership.managers["user3@example.com"]:
preferred_member_key:
- id: user3@example.com
namespace: null
roles:
- name: MANAGER
- name: MEMBER
counts:
google_cloud_identity_group: 1
google_cloud_identity_group_membership: 4


@ -0,0 +1,45 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.group.google_cloud_identity_group.group:
description: My group Description
display_name: My group name
group_key:
- id: mygroup@example.com
namespace: null
initial_group_config: EMPTY
parent: customers/C01234567
module.group.google_cloud_identity_group_membership.members["service-account@my-gcp-project.iam.gserviceaccount.com"]:
preferred_member_key:
- id: service-account@my-gcp-project.iam.gserviceaccount.com
namespace: null
roles:
- name: MEMBER
module.group.google_cloud_identity_group_membership.members["user1@example.com"]:
preferred_member_key:
- id: user1@example.com
namespace: null
roles:
- name: MEMBER
module.group.google_cloud_identity_group_membership.members["user2@example.com"]:
preferred_member_key:
- id: user2@example.com
namespace: null
roles:
- name: MEMBER
counts:
google_cloud_identity_group: 1
google_cloud_identity_group_membership: 3


@ -1,25 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/cloud-identity-group"
name = var.name
display_name = var.display_name
description = var.description
customer_id = var.customer_id
managers = var.managers
members = var.members
}


@ -1,45 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "display_name" {
type = string
default = "display name"
}
variable "name" {
type = string
default = "my-group@example.com"
}
variable "description" {
type = string
default = null
}
variable "customer_id" {
type = string
default = "customers/C01234567"
}
variable "managers" {
type = list(string)
default = []
}
variable "members" {
type = list(string)
default = []
}


@ -1,42 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from collections import Counter
def test_group(plan_runner):
"Test group."
_, resources = plan_runner()
assert len(resources) == 1
r = resources[0]
assert r['type'] == 'google_cloud_identity_group'
assert r['values']['display_name'] == 'display name'
assert r['values']['group_key'][0]['id'] == 'my-group@example.com'
assert r['values']['parent'] == 'customers/C01234567'
def test_members(plan_runner):
"Test group members."
members = '["member@example.com"]'
_, resources = plan_runner(members=members)
resource_types = Counter([r['type'] for r in resources])
assert resource_types == {
'google_cloud_identity_group': 1,
'google_cloud_identity_group_membership': 1,
}
values = next(r['values'] for r in resources if r['name'] == 'members')
assert values['preferred_member_key'][0]['id'] == 'member@example.com'
assert [role['name'] for role in values['roles']] == ['MEMBER']


@ -0,0 +1,59 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.db.google_sql_database.databases["departments"]:
deletion_policy: DELETE
instance: db
name: departments
project: project-id
module.db.google_sql_database.databases["people"]:
deletion_policy: DELETE
instance: db
name: people
project: project-id
module.db.google_sql_database_instance.primary: {}
module.db.google_sql_user.users["user1"]:
deletion_policy: null
instance: db
name: user1
password_policy: []
project: project-id
type: null
module.db.google_sql_user.users["user2"]:
deletion_policy: null
instance: db
name: user2
password_policy: []
project: project-id
type: null
module.db.random_password.passwords["user1"]:
keepers: null
length: 16
lower: true
min_lower: 0
min_numeric: 0
min_special: 0
min_upper: 0
number: true
numeric: true
override_special: null
special: true
upper: true
counts:
google_sql_database: 2
google_sql_database_instance: 1
google_sql_user: 2
modules: 1
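Review bot: The `counts` block omits `random_password` even though `values` pins `module.db.random_password.passwords["user1"]`. If the harness compares only the listed types (not visible here), a change in how many passwords the module generates would pass unnoticed, so add `random_password: 1`. The password entry also pins both `number: true` and `numeric: true`; `number` is the deprecated spelling in the random provider, so keeping only `numeric: true` avoids a fixture failure when it is removed. `module.db.google_sql_database_instance.primary: {}` asserts nothing beyond the instance existing, which deserves a short comment if intentional.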


@ -0,0 +1,91 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.db.google_sql_database_instance.primary:
database_version: MYSQL_8_0
name: db
project: project-id
region: europe-west1
restore_backup_context: []
settings:
- activation_policy: ALWAYS
active_directory_config: []
availability_type: ZONAL
backup_configuration:
- backup_retention_settings:
- retained_backups: 7
retention_unit: COUNT
binary_log_enabled: true
enabled: true
location: null
point_in_time_recovery_enabled: null
start_time: '23:00'
transaction_log_retention_days: 7
collation: null
database_flags: []
deletion_protection_enabled: null
deny_maintenance_period: []
disk_autoresize: true
disk_autoresize_limit: 0
disk_type: PD_SSD
insights_config: []
ip_configuration:
- allocated_ip_range: null
authorized_networks: []
enable_private_path_for_google_cloud_services: null
ipv4_enabled: true
private_network: projects/xxx/global/networks/aaa
require_ssl: null
maintenance_window: []
password_validation_policy: []
pricing_plan: PER_USE
sql_server_audit_config: []
tier: db-g1-small
time_zone: null
module.db.google_sql_database_instance.replicas["replica1"]:
database_version: MYSQL_8_0
master_instance_name: db
name: replica1
project: project-id
region: europe-west3
settings:
- activation_policy: ALWAYS
active_directory_config: []
availability_type: ZONAL
collation: null
database_flags: []
deletion_protection_enabled: null
deny_maintenance_period: []
disk_autoresize: true
disk_autoresize_limit: 0
disk_type: PD_SSD
insights_config: []
ip_configuration:
- allocated_ip_range: null
authorized_networks: []
enable_private_path_for_google_cloud_services: null
ipv4_enabled: true
private_network: projects/xxx/global/networks/aaa
require_ssl: null
maintenance_window: []
password_validation_policy: []
pricing_plan: PER_USE
sql_server_audit_config: []
tier: db-g1-small
time_zone: null
timeouts: null
counts:
google_sql_database_instance: 2
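Review bot: The `replicas["replica1"]` entry pins `ipv4_enabled: true` just like the primary, so setting `ipv4_enabled` on the module also gives every replica a public address; the README text for this example should say that explicitly. Both instances are pinned with `authorized_networks: []` and `require_ssl: null`, so the fixture asserts a public address with no network allow-list and no TLS enforcement. A header comment such as `# public IP, no authorized networks: expected to be reachable only via the Cloud SQL Auth Proxy / connectors` would make the intended exposure clear. The README sentence introducing the example names the variable `ipv_enabled`, while the example and this inventory use `ipv4_enabled`. Pinning many unrelated provider defaults (`pricing_plan`, `disk_autoresize_limit`, and so on) may make this file fail on provider upgrades unrelated to public IP.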


@ -0,0 +1,38 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.db.google_sql_database_instance.primary:
clone: []
database_version: POSTGRES_13
name: myprefix-db
project: project-id
region: europe-west1
module.db.google_sql_database_instance.replicas["replica1"]:
clone: []
database_version: POSTGRES_13
master_instance_name: myprefix-db
name: myprefix-replica1
project: project-id
region: europe-west3
module.db.google_sql_database_instance.replicas["replica2"]:
clone: []
database_version: POSTGRES_13
master_instance_name: myprefix-db
name: myprefix-replica2
project: project-id
region: us-central1
counts:
google_sql_database_instance: 3


@ -0,0 +1,48 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.db.google_sql_database_instance.primary:
clone: []
database_version: POSTGRES_13
name: db
project: my-db-project
region: europe-west1
settings:
- activation_policy: ALWAYS
active_directory_config: []
availability_type: ZONAL
collation: null
database_flags: []
deletion_protection_enabled: null
deny_maintenance_period: []
disk_autoresize: true
disk_autoresize_limit: 0
disk_type: PD_SSD
insights_config: []
ip_configuration:
- allocated_ip_range: null
authorized_networks: []
enable_private_path_for_google_cloud_services: null
ipv4_enabled: false
require_ssl: null
maintenance_window: []
password_validation_policy: []
pricing_plan: PER_USE
sql_server_audit_config: []
tier: db-g1-small
time_zone: null
counts:
google_sql_database_instance: 1


@ -1,38 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/cloudsql-instance"
project_id = "my-project"
authorized_networks = var.authorized_networks
availability_type = var.availability_type
backup_configuration = var.backup_configuration
database_version = var.database_version
databases = var.databases
disk_size = var.disk_size
disk_type = var.disk_type
flags = var.flags
labels = var.labels
name = var.name
network = var.network
prefix = var.prefix
region = var.region
replicas = var.replicas
users = var.users
tier = var.tier
deletion_protection = var.deletion_protection
ipv4_enabled = var.ipv4_enabled
}


@ -1,119 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "authorized_networks" {
type = map(string)
default = null
}
variable "availability_type" {
type = string
default = "ZONAL"
}
variable "backup_configuration" {
type = object({
enabled = bool
binary_log_enabled = bool
start_time = string
location = string
log_retention_days = number
retention_count = number
})
default = {
enabled = false
binary_log_enabled = false
start_time = "23:00"
location = "EU"
log_retention_days = 7
retention_count = 7
}
}
variable "database_version" {
type = string
default = "POSTGRES_13"
}
variable "databases" {
type = list(string)
default = null
}
variable "disk_size" {
type = number
default = null
}
variable "disk_type" {
type = string
default = "PD_SSD"
}
variable "flags" {
type = map(string)
default = null
}
variable "labels" {
type = map(string)
default = null
}
variable "name" {
type = string
default = "db"
}
variable "network" {
type = string
default = "projects/xxx/global/networks/yyy"
}
variable "prefix" {
type = string
default = null
}
variable "region" {
type = string
default = "europe-west1"
}
variable "replicas" {
type = any
default = null
}
variable "users" {
type = map(string)
default = null
}
variable "tier" {
type = string
default = "db-g1-small"
}
variable "deletion_protection" {
type = bool
default = false
}
variable "ipv4_enabled" {
type = bool
default = false
}


@ -1,152 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from collections import Counter
def test_simple_instance(plan_runner):
"Test standalone instance."
_, resources = plan_runner()
assert len(resources) == 1
r = resources[0]
assert r['values']['project'] == 'my-project'
assert r['values']['name'] == 'db'
assert r['values']['region'] == 'europe-west1'
def test_prefix(plan_runner):
"Test instance prefix."
_, resources = plan_runner(prefix="prefix")
assert len(resources) == 1
r = resources[0]
assert r['values']['name'] == 'prefix-db'
replicas = """{
replica1 = { region = "europe-west3", encryption_key_name = null }
replica2 = { region = "us-central1", encryption_key_name = null }
}"""
_, resources = plan_runner(prefix="prefix")
assert len(resources) == 1
r = resources[0]
assert r['values']['name'] == 'prefix-db'
def test_replicas(plan_runner):
"Test replicated instance."
replicas = """{
replica1 = { region = "europe-west3", encryption_key_name = null }
replica2 = { region = "us-central1", encryption_key_name = null }
}"""
_, resources = plan_runner(replicas=replicas, prefix="prefix")
assert len(resources) == 3
primary = [r for r in resources if r['name'] == 'primary'][0]
replica1 = [
r for r in resources
if r['name'] == 'replicas' and r['index'] == 'replica1'
][0]
replica2 = [
r for r in resources
if r['name'] == 'replicas' and r['index'] == 'replica2'
][0]
assert replica1['values']['name'] == 'prefix-replica1'
assert replica2['values']['name'] == 'prefix-replica2'
assert replica1['values']['master_instance_name'] == 'prefix-db'
assert replica2['values']['master_instance_name'] == 'prefix-db'
assert replica1['values']['region'] == 'europe-west3'
assert replica2['values']['region'] == 'us-central1'
def test_mysql_replicas_enables_backup(plan_runner):
"Test MySQL backup setup with replicas."
replicas = """{
replica1 = { region = "europe-west3", encryption_key_name = null }
}"""
_, resources = plan_runner(replicas=replicas, database_version="MYSQL_8_0")
assert len(resources) == 2
primary = [r for r in resources if r['name'] == 'primary'][0]
backup_config = primary['values']['settings'][0]['backup_configuration'][0]
assert backup_config['enabled']
assert backup_config['binary_log_enabled']
def test_mysql_binary_log_for_regional(plan_runner):
"Test that the binary log will be enabled for regional MySQL DBs."
_, resources = plan_runner(database_version="MYSQL_8_0", availability_type="REGIONAL")
assert len(resources) == 1
primary = [r for r in resources if r['name'] == 'primary'][0]
backup_config = primary['values']['settings'][0]['backup_configuration'][0]
assert backup_config['enabled']
assert backup_config['binary_log_enabled']
def test_users(plan_runner):
"Test user creation."
users = """{
user1 = "123"
user2 = null
}"""
_, resources = plan_runner(users=users)
types = Counter(r['type'] for r in resources)
assert types == {
'google_sql_user': 2,
'google_sql_database_instance': 1,
'random_password': 1
}
def test_databases(plan_runner):
"Test database creation."
databases = '["db1", "db2"]'
_, resources = plan_runner(databases=databases)
resources = [r for r in resources if r['type'] == 'google_sql_database']
assert len(resources) == 2
assert all(r['values']['instance'] == "db" for r in resources)
assert sorted(r['values']['name'] for r in resources) == ["db1", "db2"]
def test_simple_instance_ipv4_enable(plan_runner):
"Test instance ipv4_enabled."
_, resources = plan_runner(ipv4_enabled="true")
assert len(resources) == 1
assert resources[0]['values']['settings'][0]['ip_configuration'][0]['ipv4_enabled']
def test_replicas_ipv4_enable(plan_runner):
"Test replicas ipv4_enabled."
replicas = """{
replica1 = { region = "europe-west3", encryption_key_name = null }
}"""
_, resources = plan_runner(replicas=replicas, ipv4_enabled="true")
assert len(resources) == 2
assert all([r['values']['settings'][0]['ip_configuration'][0]['ipv4_enabled'] for r in resources])


@ -0,0 +1,27 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.container_registry.google_container_registry.registry:
location: EU
project: myproject
module.container_registry.google_storage_bucket_iam_binding.bindings["roles/storage.admin"]:
condition: []
members:
- group:cicd@example.com
role: roles/storage.admin
counts:
google_container_registry: 1
google_storage_bucket_iam_binding: 1


@ -1,24 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/container-registry"
project_id = "my-project"
location = var.location
iam = {
"roles/storage.admin" = ["user:me@example.com"]
}
}


@ -1,20 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "location" {
type = string
default = "EU"
}


@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


@ -0,0 +1,32 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.endpoint.google_endpoints_service.default:
openapi_config: "# tftest-file id=openapi path=configs/endpoints/openapi.yaml\n\
swagger: \"2.0\"\ninfo:\n description: \"A simple Google Cloud Endpoints API\
\ example.\"\n title: \"Endpoints Example\"\n version: \"1.0.0\"\nhost: \"\
echo-api.endpoints.YOUR-PROJECT-ID.cloud.goog\"\n"
project: my-project
service_name: YOUR-API.endpoints.YOUR-PROJECT-ID.cloud.goog
module.endpoint.google_endpoints_service_iam_binding.default["servicemanagement.serviceController"]:
condition: []
members:
- serviceAccount:123456890-compute@developer.gserviceaccount.com
role: servicemanagement.serviceController
service_name: YOUR-API.endpoints.YOUR-PROJECT-ID.cloud.goog
counts:
google_endpoints_service: 1
google_endpoints_service_iam_binding: 1
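Review bot: The IAM binding pinned in this inventory has `role: servicemanagement.serviceController`, and the matching resource key, without the `roles/` prefix, whereas the fixture and assertion this commit removes used `roles/servicemanagement.serviceController`. A plan-only test does not validate role names, so the inventory would lock in what looks like a typo in the example it was generated from (presumably the module README). Fix the example and regenerate so the expected value reads `role: roles/servicemanagement.serviceController`. Separately, `openapi_config` embeds the `# tftest-file id=openapi ...` harness comment in the expected string; a one-line comment above it saying the value is the example file verbatim, marker included, would help whoever edits the OpenAPI sample next.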


@ -1,25 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/endpoints"
project_id = "my-project"
service_name = var.service_name
openapi_config = { "yaml_path" = "openapi.yaml" }
iam = {
"roles/servicemanagement.serviceController" = ["user:me@example.com"]
}
}


@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


@ -1,20 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "service_name" {
type = string
default = "foo.endpoints.test.cloud.goog"
}


@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -12,23 +12,18 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import pytest
values:
module.bucket-billing-account.google_logging_billing_account_bucket_config.bucket[0]:
billing_account: '012345'
bucket_id: mybucket
location: global
retention_days: 30
module.bucket-organization.google_logging_organization_bucket_config.bucket[0]:
bucket_id: mybucket
location: global
organization: organizations/012345
retention_days: 30
@pytest.fixture
def resources(plan_runner):
_, resources = plan_runner()
return resources
def test_resource_count(resources):
"Test number of resources created."
assert len(resources) == 2
def test_iam(resources):
"Test IAM binding resources."
bindings = [r['values'] for r in resources if r['type']
== 'google_storage_bucket_iam_binding']
assert len(bindings) == 1
assert bindings[0]['role'] == 'roles/storage.admin'
counts:
google_logging_billing_account_bucket_config: 1
google_logging_organization_bucket_config: 1


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -11,3 +11,13 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bucket.google_logging_project_bucket_config.bucket[0]:
bucket_id: mybucket
location: global
project: project-id
retention_days: 30
counts:
google_logging_project_bucket_config: 1


@ -0,0 +1,26 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.bucket-default.google_logging_folder_bucket_config.bucket[0]:
bucket_id: _Default
location: global
retention_days: 10
module.folder.google_folder.folder[0]:
display_name: my folder
parent: folders/657104291943
counts:
google_folder: 1
google_logging_folder_bucket_config: 1
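Review bot: `parent: folders/657104291943` reads like a real folder number, unlike the placeholder identifiers in the neighbouring inventories (`'012345'`, `organizations/012345`). Since the inventory mirrors the example it was generated from, I would switch that example to an obvious placeholder and regenerate, so no real resource ID is carried in docs and fixtures. The same inventory pins `retention_days: 10` on `_Default`, shorter than the 30 days used for the other buckets on this page. If that is only illustrative, a comment such as `# illustrative value, size retention to your investigation needs` would keep it from being copied as a default.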


@ -1,24 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/logging-bucket"
parent_type = var.parent_type
parent = var.parent
id = var.id
retention = var.retention
location = var.location
}


@ -1,42 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "parent" {
type = string
}
variable "parent_type" {
type = string
validation {
condition = contains(["project", "folder", "organization", "billing_account"], var.parent_type)
error_message = "Parent type must be project, folder, organization or billing_account."
}
}
variable "location" {
type = string
default = "global"
}
variable "id" {
type = string
default = "mybucket"
}
variable "retention" {
type = number
default = 30
}


@ -1,79 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_project_logging_bucket(plan_runner):
"Test project logging bucket."
_, resources = plan_runner(parent_type="project", parent="myproject")
assert len(resources) == 1
resource = resources[0]
assert resource["type"] == "google_logging_project_bucket_config"
assert resource["values"] == {
"bucket_id": "mybucket",
"cmek_settings": [],
"enable_analytics": None,
"project": "myproject",
"location": "global",
"retention_days": 30,
}
def test_folder_logging_bucket(plan_runner):
"Test project logging bucket."
_, resources = plan_runner(parent_type="folder", parent="folders/0123456789")
assert len(resources) == 1
resource = resources[0]
assert resource["type"] == "google_logging_folder_bucket_config"
assert resource["values"] == {
"bucket_id": "mybucket",
"cmek_settings": [],
"folder": "folders/0123456789",
"location": "global",
"retention_days": 30,
}
def test_organization_logging_bucket(plan_runner):
"Test project logging bucket."
_, resources = plan_runner(parent_type="organization",
parent="organizations/0123456789")
assert len(resources) == 1
resource = resources[0]
assert resource["type"] == "google_logging_organization_bucket_config"
assert resource["values"] == {
"bucket_id": "mybucket",
"cmek_settings": [],
"organization": "organizations/0123456789",
"location": "global",
"retention_days": 30,
}
def test_billing_account_logging_bucket(plan_runner):
"Test project logging bucket."
_, resources = plan_runner(parent_type="billing_account", parent="0123456789")
assert len(resources) == 1
resource = resources[0]
assert resource["type"] == "google_logging_billing_account_bucket_config"
assert resource["values"] == {
"bucket_id": "mybucket",
"cmek_settings": [],
"billing_account": "0123456789",
"location": "global",
"retention_days": 30,
}


@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


@ -0,0 +1,31 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.pubsub.google_pubsub_subscription.default["test-bigquery"]:
bigquery_config:
- drop_unknown_fields: true
table: my_project_id:my_dataset.my_table
use_topic_schema: true
write_metadata: false
name: test-bigquery
project: my-project
topic: my-topic
module.pubsub.google_pubsub_topic.default:
name: my-topic
project: my-project
counts:
google_pubsub_subscription: 1
google_pubsub_topic: 1


@ -0,0 +1,30 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.pubsub.google_pubsub_subscription.default["test-push"]:
name: test-push
project: my-project
push_config:
- attributes: null
oidc_token: []
push_endpoint: https://example.com/foo
topic: my-topic
module.pubsub.google_pubsub_topic.default:
name: my-topic
project: my-project
counts:
google_pubsub_subscription: 1
google_pubsub_topic: 1
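Review bot: The push subscription asserted here has `oidc_token: []`, so the only push case under test is one where messages are delivered to `https://example.com/foo` without an identity token the endpoint could verify. If the module exposes OIDC settings for push (not visible on this page), add an example and inventory that set them and pin the resulting `oidc_token` block, so the authenticated path is covered as well. At minimum, a comment in this inventory such as `# push without OIDC token: example only` would flag the choice for readers who copy the example.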


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -12,23 +12,18 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import pytest
values:
module.topic_with_schema.google_pubsub_schema.default[0]:
definition: '{"fields":[{"name":"StringField","type":"string"},{"name":"FloatField","type":"float"},{"name":"BooleanField","type":"boolean"}],"name":"Avro","type":"record"}'
name: my-topic-schema
project: my-project
type: AVRO
module.topic_with_schema.google_pubsub_topic.default:
name: my-topic
project: my-project
schema_settings:
- encoding: JSON
@pytest.fixture
def resources(plan_runner):
_, resources = plan_runner()
return resources
def test_resource_count(resources):
"Test number of resources created."
assert len(resources) == 2
def test_iam(resources):
"Test IAM binding resources."
bindings = [r['values'] for r in resources if r['type']
== 'google_endpoints_service_iam_binding']
assert len(bindings) == 1
assert bindings[0]['role'] == 'roles/servicemanagement.serviceController'
counts:
google_pubsub_schema: 1
google_pubsub_topic: 1


@ -0,0 +1,36 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.pubsub.google_pubsub_topic.default:
name: my-topic
project: my-project
module.pubsub.google_pubsub_topic_iam_binding.default["roles/pubsub.subscriber"]:
condition: []
members:
- user:user1@example.com
project: my-project
role: roles/pubsub.subscriber
topic: my-topic
module.pubsub.google_pubsub_topic_iam_binding.default["roles/pubsub.viewer"]:
condition: []
members:
- group:foo@example.com
project: my-project
role: roles/pubsub.viewer
topic: my-topic
counts:
google_pubsub_topic: 1
google_pubsub_topic_iam_binding: 2


@ -0,0 +1,27 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.pubsub.google_pubsub_subscription_iam_binding.default["test-1.roles/pubsub.subscriber"]:
condition: []
members:
- user:user1@ludomagno.net
project: my-project
role: roles/pubsub.subscriber
subscription: test-1
counts:
google_pubsub_subscription: 1
google_pubsub_subscription_iam_binding: 1
google_pubsub_topic: 1
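Review bot: The member in this binding, `user:user1@ludomagno.net`, uses a real registrable domain, whereas the other inventories on this page use `example.com`. Fixtures and the examples they are generated from are better kept on reserved domains, so that no actual address ends up pasted into an IAM policy. Change the source example to `user:user1@example.com` and regenerate the inventory.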


@ -0,0 +1,51 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.pubsub.google_pubsub_subscription.default["test-pull"]:
bigquery_config: []
dead_letter_policy: []
enable_exactly_once_delivery: null
enable_message_ordering: null
filter: null
labels: null
message_retention_duration: 604800s
name: test-pull
project: my-project
push_config: []
retain_acked_messages: null
retry_policy: []
topic: my-topic
module.pubsub.google_pubsub_subscription.default["test-pull-override"]:
bigquery_config: []
dead_letter_policy: []
enable_exactly_once_delivery: null
enable_message_ordering: null
filter: null
labels:
test: override
message_retention_duration: 604800s
name: test-pull-override
project: my-project
push_config: []
retain_acked_messages: true
retry_policy: []
topic: my-topic
module.pubsub.google_pubsub_topic.default:
name: my-topic
project: my-project
counts:
google_pubsub_subscription: 2
google_pubsub_topic: 1


@ -1,34 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/pubsub"
project_id = "my-project"
regions = ["europe-west1"]
name = "test"
iam = {
"roles/pubsub.publisher" = ["user:me@example.com"]
}
subscriptions = {
test = null
}
subscription_iam = {
test = {
"roles/pubsub.subscriber" = ["user:me@example.com"]
}
}
labels = var.labels
}


@ -1,20 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "labels" {
type = map(string)
default = {}
}


@ -1,50 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import pytest
@pytest.fixture
def resources(plan_runner):
_, resources = plan_runner()
return resources
def test_resource_count(resources):
"Test number of resources created."
assert len(resources) == 4
def test_iam(resources):
"Test IAM binding resources."
bindings = [r['values'] for r in resources if r['type']
== 'google_pubsub_topic_iam_binding']
assert len(bindings) == 1
assert bindings[0]['role'] == 'roles/pubsub.publisher'
def test_subscriptions(resources):
"Test subscription resources."
subs = [r['values'] for r in resources if r['type']
== 'google_pubsub_subscription']
assert len(subs) == 1
assert set(s['name'] for s in subs) == set(['test'])
def test_subscription_iam(resources):
"Test subscription IAM binding resources."
bindings = [r['values'] for r in resources if r['type']
== 'google_pubsub_subscription_iam_binding']
assert len(bindings) == 1
assert set(b['role'] for b in bindings) == set(['roles/pubsub.subscriber'])


@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


@ -0,0 +1,46 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.secret-manager.google_secret_manager_secret.default["test-auto"]:
project: my-project
replication:
- automatic: true
user_managed: []
secret_id: test-auto
module.secret-manager.google_secret_manager_secret.default["test-manual"]:
project: my-project
replication:
- automatic: null
user_managed:
- replicas:
- customer_managed_encryption: []
location: europe-west1
- customer_managed_encryption: []
location: europe-west4
secret_id: test-manual
module.secret-manager.google_secret_manager_secret_iam_binding.default["test-auto.roles/secretmanager.secretAccessor"]:
condition: []
members:
- group:auto-readers@example.com
role: roles/secretmanager.secretAccessor
module.secret-manager.google_secret_manager_secret_iam_binding.default["test-manual.roles/secretmanager.secretAccessor"]:
condition: []
members:
- group:manual-readers@example.com
role: roles/secretmanager.secretAccessor
counts:
google_secret_manager_secret: 2
google_secret_manager_secret_iam_binding: 2


@ -0,0 +1,28 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.secret-manager.google_secret_manager_secret_version.default["test-auto:v1"]:
enabled: false
secret_data: auto foo bar baz
module.secret-manager.google_secret_manager_secret_version.default["test-auto:v2"]:
enabled: true
secret_data: auto foo bar spam
module.secret-manager.google_secret_manager_secret_version.default["test-manual:v1"]:
enabled: true
secret_data: manual foo bar spam
counts:
google_secret_manager_secret: 2
google_secret_manager_secret_version: 3
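Review bot: The `secret_data` values pinned for `test-auto:v1`, `test-auto:v2` and `test-manual:v1` are stored in clear text in a committed fixture, which is acceptable only because they are dummy strings. I would add a comment above `values:` such as `# secret_data entries are placeholder text from the example; never record real secret material in an inventory`, so the pattern is not copied with a live value. The example this inventory is checked against is outside this hunk, so I am assuming the strings come from there.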


@ -1,42 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/secret-manager"
project_id = "my-project"
iam = {
secret-1 = {
"roles/secretmanager.secretAccessor" = [
"serviceAccount:service-account.example.com"
]
}
secret-2 = {
"roles/secretmanager.viewer" = [
"serviceAccount:service-account.example.com"
]
}
}
secrets = {
secret-1 = ["europe-west1"],
secret-2 = null
}
versions = {
secret-1 = {
foobar = { enabled = true, data = "foobar" }
}
}
labels = var.labels
}


@ -1,20 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "labels" {
type = map(map(string))
default = {}
}


@ -1,36 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import pytest
@pytest.fixture
def resources(plan_runner):
_, resources = plan_runner()
return resources
def test_resource_count(resources):
"Test number of resources created."
assert len(resources) == 5
def test_secret_iam(resources):
"Test secret IAM binding resources."
bindings = [r['values'] for r in resources if r['type']
== 'google_secret_manager_secret_iam_binding']
assert len(bindings) == 2
assert set(b['role'] for b in bindings) == set([
'roles/secretmanager.secretAccessor', 'roles/secretmanager.viewer'
])


@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


@ -0,0 +1,35 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.dns-sd.google_dns_managed_zone.non-public[0]:
dns_name: apps.example.org.
visibility: private
module.service-directory.google_service_directory_endpoint.default["app1/one"]:
address: 127.0.0.1
endpoint_id: one
port: 80
module.service-directory.google_service_directory_namespace.default:
location: europe-west1
namespace_id: apps
project: my-project
module.service-directory.google_service_directory_service.default["app1"]:
service_id: app1
counts:
google_dns_managed_zone: 1
google_service_directory_endpoint: 1
google_service_directory_namespace: 1
google_service_directory_namespace_iam_binding: 1
google_service_directory_service: 1
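Review bot: `google_service_directory_namespace_iam_binding` appears only under `counts` in this inventory, so the role and members of that binding are never asserted. The same holds for `google_service_directory_service_iam_binding` in the next inventory (namespace `sd-1`, service `one`). The pytest file deleted later in this commit checked the granted roles (`roles/servicedirectory.viewer` on the namespace, `roles/servicedirectory.admin` and `roles/servicedirectory.editor` on services), so a change that widens a role would now pass as long as the count stays at 1. I would add a `values:` entry for each binding that pins `role` and `members`, the way the third service-directory inventory does for `roles/servicedirectory.editor`.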


@ -0,0 +1,36 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.service-directory.google_service_directory_endpoint.default["one/first"]:
address: 127.0.0.1
endpoint_id: first
port: 80
module.service-directory.google_service_directory_endpoint.default["one/second"]:
address: 127.0.0.2
endpoint_id: second
port: 80
module.service-directory.google_service_directory_namespace.default:
location: europe-west1
namespace_id: sd-1
project: my-project
module.service-directory.google_service_directory_service.default["one"]:
metadata: null
service_id: one
counts:
google_service_directory_endpoint: 2
google_service_directory_namespace: 1
google_service_directory_service: 1
google_service_directory_service_iam_binding: 1


@ -0,0 +1,33 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.service-directory.google_service_directory_namespace.default:
labels: null
location: europe-west1
namespace_id: sd-1
project: my-project
module.service-directory.google_service_directory_namespace_iam_binding.default["roles/servicedirectory.editor"]:
condition: []
members:
- serviceAccount:namespace-editor@example.com
role: roles/servicedirectory.editor
counts:
google_service_directory_namespace: 1
google_service_directory_namespace_iam_binding: 1
modules: 1
resources: 2
outputs: {}


@ -1,55 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/service-directory"
project_id = "my-project"
location = "europe-west1"
name = "ns-test"
iam = {
"roles/servicedirectory.viewer" = [
"serviceAccount:service-editor.example.com"
]
}
services = {
srv-one = {
endpoints = ["alpha", "beta"]
metadata = null
}
srv-two = {
endpoints = ["alpha"]
metadata = null
}
}
service_iam = {
srv-one = {
"roles/servicedirectory.editor" = [
"serviceAccount:service-editor.example.com"
]
}
srv-two = {
"roles/servicedirectory.admin" = [
"serviceAccount:service-editor.example.com"
]
}
}
endpoint_config = {
"srv-one/alpha" = { address = "127.0.0.1", port = 80, metadata = {} }
"srv-one/beta" = { address = "127.0.0.2", port = 80, metadata = {} }
"srv-two/alpha" = { address = "127.0.0.3", port = 80, metadata = {} }
}
labels = var.labels
}


@ -1,20 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "labels" {
type = map(string)
default = {}
}


@ -1,52 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import pytest
@pytest.fixture
def resources(plan_runner):
_, resources = plan_runner()
return resources
def test_resource_count(resources):
"Test number of resources created."
assert len(resources) == 9
def test_iam(resources):
"Test IAM binding resources."
bindings = [r['values'] for r in resources if r['type']
== 'google_service_directory_namespace_iam_binding']
assert len(bindings) == 1
assert bindings[0]['role'] == 'roles/servicedirectory.viewer'
def test_services(resources):
"Test service resources."
services = [r['values'] for r in resources if r['type']
== 'google_service_directory_service']
assert len(services) == 2
assert set(s['service_id'] for s in services) == set(['srv-one', 'srv-two'])
def test_service_iam(resources):
"Test service IAM binding resources."
bindings = [r['values'] for r in resources if r['type']
== 'google_service_directory_service_iam_binding']
assert len(bindings) == 2
assert set(b['role'] for b in bindings) == set([
'roles/servicedirectory.admin', 'roles/servicedirectory.editor'
])


@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


@ -0,0 +1,30 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.repo.google_sourcerepo_repository.default:
name: my-repo
project: my-project
pubsub_configs: []
module.repo.google_sourcerepo_repository_iam_binding.authoritative["roles/source.reader"]:
condition: []
members:
- user:foo@example.com
project: my-project
repository: my-repo
role: roles/source.reader
counts:
google_sourcerepo_repository: 1
google_sourcerepo_repository_iam_binding: 1


@ -0,0 +1,40 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.repo.google_cloudbuild_trigger.default["foo"]:
filename: ci/workflow-foo.yaml
included_files:
- '**/*tf'
location: global
name: foo
project: my-project
substitutions:
BAR: '1'
trigger_template:
- branch_name: main
commit_sha: null
dir: null
invert_regex: null
repo_name: my-repo
tag_name: null
webhook_config: []
module.repo.google_sourcerepo_repository.default:
name: my-repo
project: my-project
pubsub_configs: []
counts:
google_cloudbuild_trigger: 1
google_sourcerepo_repository: 1


@ -1,65 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "group_iam" {
type = any
default = {}
}
variable "iam" {
type = any
default = {}
nullable = false
}
variable "iam_additive" {
type = any
default = {}
nullable = false
}
variable "iam_additive_members" {
type = any
default = {}
}
variable "name" {
description = "Repository name."
type = string
default = "test"
}
variable "project_id" {
description = "Project used for resources."
type = string
default = "test"
}
variable "triggers" {
type = any
default = null
}
module "test" {
source = "../../../../modules/source-repository"
project_id = var.project_id
name = var.name
group_iam = var.group_iam
iam = var.iam
iam_additive = var.iam_additive
iam_additive_members = var.iam_additive_members
triggers = var.triggers
}


@ -1,60 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
def test_resource_count(plan_runner):
'Test number of resources created.'
_, resources = plan_runner()
assert len(resources) == 1
def test_iam(plan_runner):
'Test IAM binding resources.'
group_iam = '{"fooers@example.org"=["roles/owner"]}'
iam = '''{
"roles/editor" = ["user:a@example.org", "user:b@example.org"]
"roles/owner" = ["user:c@example.org"]
}'''
_, resources = plan_runner(group_iam=group_iam, iam=iam)
bindings = {
r['values']['role']: r['values']['members']
for r in resources
if r['type'] == 'google_sourcerepo_repository_iam_binding'
}
assert bindings == {
'roles/editor': ['user:a@example.org', 'user:b@example.org'],
'roles/owner': ['group:fooers@example.org', 'user:c@example.org']
}
def test_triggers(plan_runner):
'Test trigger resources.'
triggers = '''{
foo = {
filename = "ci/foo.yaml"
included_files = ["**/*yaml"]
service_account = null
substitutions = null
template = {
branch_name = null
project_id = null
tag_name = "foo"
}
}
}'''
_, resources = plan_runner(triggers=triggers)
triggers = [
r['index'] for r in resources if r['type'] == 'google_cloudbuild_trigger'
]
assert triggers == ['foo']


@ -1,13 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


@ -0,0 +1,56 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.test.google_access_context_manager_access_level.basic["a1"]:
basic:
- combining_function: AND
conditions:
- device_policy: []
ip_subnetworks: []
members:
- user:user1@example.com
negate: null
regions: []
required_access_levels: []
custom: []
name: accessPolicies/12345678/accessLevels/a1
parent: accessPolicies/12345678
title: a1
module.test.google_access_context_manager_access_level.basic["a2"]:
basic:
- combining_function: OR
conditions:
- device_policy: []
ip_subnetworks:
- 101.101.101.0/24
members: []
negate: null
regions: []
required_access_levels: []
- device_policy: []
ip_subnetworks: []
members: []
negate: null
regions:
- IT
- FR
required_access_levels: []
custom: []
name: accessPolicies/12345678/accessLevels/a2
parent: accessPolicies/12345678
title: a2
counts:
google_access_context_manager_access_level: 2
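Review bot: `ip_subnetworks` for access level `a2` pins `101.101.101.0/24`, which is routable address space rather than a documentation range. The value presumably comes from the example this inventory is checked against, which is outside this hunk, so both would need to change together. Switching to an RFC 5737 block, e.g. `- 192.0.2.0/24`, keeps a reader from pasting someone else's network into an access level condition.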


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -11,3 +11,12 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.test.google_access_context_manager_access_policy.default[0]:
parent: organizations/123456
scopes: null
title: vpcsc-policy
counts:
google_access_context_manager_access_policy: 1


@ -0,0 +1,58 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.test.google_access_context_manager_service_perimeter.bridge["b1"]:
description: null
name: accessPolicies/12345678/servicePerimeters/b1
parent: accessPolicies/12345678
perimeter_type: PERIMETER_TYPE_BRIDGE
spec: []
status:
- access_levels: null
egress_policies: []
ingress_policies: []
resources:
- projects/111110
- projects/111111
restricted_services: null
vpc_accessible_services: []
title: b1
use_explicit_dry_run_spec: false
module.test.google_access_context_manager_service_perimeter.bridge["b2"]:
description: null
name: accessPolicies/12345678/servicePerimeters/b2
parent: accessPolicies/12345678
perimeter_type: PERIMETER_TYPE_BRIDGE
spec:
- access_levels: null
egress_policies: []
ingress_policies: []
resources:
- projects/222220
- projects/222221
restricted_services: null
vpc_accessible_services: []
status:
- access_levels: null
egress_policies: []
ingress_policies: []
resources: []
restricted_services: null
vpc_accessible_services: []
title: b2
use_explicit_dry_run_spec: true
counts:
google_access_context_manager_service_perimeter: 2


@ -0,0 +1,93 @@
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.test.google_access_context_manager_access_level.basic["a1"]:
basic:
- combining_function: AND
conditions:
- device_policy: []
ip_subnetworks: []
members:
- user:user1@example.com
negate: null
regions: []
required_access_levels: []
custom: []
name: accessPolicies/12345678/accessLevels/a1
parent: accessPolicies/12345678
title: a1
module.test.google_access_context_manager_access_level.basic["a2"]:
basic:
- combining_function: AND
conditions:
- device_policy: []
ip_subnetworks: []
members:
- user:user2@example.com
negate: null
regions: []
required_access_levels: []
custom: []
name: accessPolicies/12345678/accessLevels/a2
parent: accessPolicies/12345678
title: a2
module.test.google_access_context_manager_service_perimeter.regular["r1"]:
name: accessPolicies/12345678/servicePerimeters/r1
parent: accessPolicies/12345678
perimeter_type: PERIMETER_TYPE_REGULAR
spec: []
status:
- egress_policies:
- egress_from:
- identities:
- serviceAccount:foo@myproject.iam.gserviceaccount.com
identity_type: ANY_IDENTITY
egress_to:
- external_resources: null
operations:
- method_selectors:
- method: '*'
permission: null
service_name: storage.googleapis.com
resources:
- projects/123456789
ingress_policies:
- ingress_from:
- identities:
- serviceAccount:test-tf@myproject.iam.gserviceaccount.com
identity_type: null
sources:
- resource: null
ingress_to:
- operations:
- method_selectors: []
service_name: '*'
resources:
- '*'
resources:
- projects/11111
- projects/111111
restricted_services:
- storage.googleapis.com
vpc_accessible_services:
- allowed_services:
- storage.googleapis.com
enable_restriction: true
title: r1
use_explicit_dry_run_spec: false
counts:
google_access_context_manager_access_level: 2
google_access_context_manager_service_perimeter: 1
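Review bot: In perimeter `r1` the `egress_from` entry pins both a service account under `identities` and `identity_type: ANY_IDENTITY`. As far as I know, the identities list is consulted only when the identity type is left unspecified. If so, this egress rule allows any identity to call every `storage.googleapis.com` method towards `projects/123456789`, not just the listed account; the ingress rule, by contrast, has `identity_type: null`. If the example is meant to show a scoped rule, the expected value here should be `identity_type: null`; otherwise a comment such as `# ANY_IDENTITY: the identities list does not restrict this rule` would stop it being read as least-privilege. The example that produces these values is outside this hunk.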


@ -1,4 +1,4 @@
# Copyright 2022 Google LLC
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -11,3 +11,13 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.test.google_access_context_manager_access_policy.default[0]:
parent: organizations/123456
scopes:
- folders/456789
title: vpcsc-policy
counts:
google_access_context_manager_access_policy: 1


@ -1,26 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/vpc-sc"
access_policy = var.access_policy
access_policy_create = var.access_policy_create
access_levels = var.access_levels
egress_policies = var.egress_policies
ingress_policies = var.ingress_policies
service_perimeters_bridge = var.service_perimeters_bridge
service_perimeters_regular = var.service_perimeters_regular
}


@ -1,96 +0,0 @@
access_levels = {
a1 = {
combining_function = null
conditions = [
{
device_policy = null
ip_subnetworks = null
members = ["user:ludomagno@google.com"]
negate = null
regions = null
required_access_levels = null
}
]
}
a2 = {
combining_function = "OR"
conditions = [
{
device_policy = null
ip_subnetworks = null
members = null
negate = null
regions = ["IT", "FR"]
required_access_levels = null
},
{
device_policy = null
ip_subnetworks = null
members = null
negate = null
regions = ["US"]
required_access_levels = null
}
]
}
}
egress_policies = {
foo = {
from = {
identities = ["user:foo@example.com"]
}
to = {
resources = ["projects/333330"]
}
}
}
ingress_policies = {
foo = {
from = {
source_access_levels = ["a2"]
source_resources = ["projects/333330"]
}
to = {
operations = [{
service_name = "compute.googleapis.com"
}]
resources = ["projects/222220"]
}
}
}
service_perimeters_bridge = {
b1 = {
status_resources = ["projects/111110", "projects/111111"]
}
b2 = {
status_resources = ["projects/111110", "projects/222220"]
spec_resources = ["projects/111110", "projects/222220"]
use_explicit_dry_run_spec = true
}
}
service_perimeters_regular = {
r1 = {
status = {
access_levels = ["a1"]
resources = ["projects/11111", "projects/111111"]
restricted_services = ["storage.googleapis.com"]
vpc_accessible_services = {
allowed_services = ["compute.googleapis.com"]
enable_restriction = true
}
}
}
r2 = {
status = {
access_levels = ["a1", "a2"]
resources = ["projects/222220", "projects/222221"]
restricted_services = ["storage.googleapis.com"]
egress_policies = ["foo"]
ingress_policies = ["foo"]
vpc_accessible_services = {
allowed_services = ["compute.googleapis.com"]
enable_restriction = true
}
}
}
}


@ -1,53 +0,0 @@
/**
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "access_levels" {
type = any
default = {}
nullable = false
}
variable "access_policy" {
type = string
}
variable "access_policy_create" {
type = any
default = null
}
variable "egress_policies" {
type = any
default = {}
nullable = false
}
variable "ingress_policies" {
type = any
default = {}
nullable = false
}
variable "service_perimeters_bridge" {
type = any
default = {}
}
variable "service_perimeters_regular" {
type = any
default = {}
nullable = false
}


@ -1,45 +0,0 @@
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import collections
def test_create_policy(plan_runner):
"Test with auto-created policy."
access_policy_create = '''{
parent = "organizations/123456"
title = "vpcsc-policy"
}'''
_, resources = plan_runner(tf_var_file='test.regular.tfvars',
access_policy='null',
access_policy_create=access_policy_create)
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
assert counts == {
'google_access_context_manager_access_level.basic': 2,
'google_access_context_manager_access_policy.default': 1,
'google_access_context_manager_service_perimeter.bridge': 2,
'google_access_context_manager_service_perimeter.regular': 2
}
def test_use_policy(plan_runner):
"Test with existing policy."
_, resources = plan_runner(tf_var_file='test.regular.tfvars',
access_policy="accessPolicies/foobar")
counts = collections.Counter(f'{r["type"]}.{r["name"]}' for r in resources)
assert counts == {
'google_access_context_manager_access_level.basic': 2,
'google_access_context_manager_service_perimeter.bridge': 2,
'google_access_context_manager_service_perimeter.regular': 2
}