From d9cd46d8a7715a38dbc287a7ac90fbdde2b37e94 Mon Sep 17 00:00:00 2001
From: Thangaraju Rajasekaran
Date: Wed, 29 Nov 2023 23:19:25 +0000
Subject: [PATCH] fixed e2e test for shared-vpc and subnet-iam
---
 modules/net-vpc/README.md | 37 ++++++++------
 tests/examples/variables.tf | 16 ------
 .../setup_module/e2e_tests.tfvars.tftpl | 8 +--
 tests/examples_e2e/setup_module/main.tf | 49 ++-----------------
 tests/examples_e2e/setup_module/variables.tf | 3 --
 .../modules/net_vpc/examples/shared-vpc.yaml | 13 +++--
 .../modules/net_vpc/examples/subnet-iam.yaml | 3 +-
 7 files changed, 33 insertions(+), 96 deletions(-)
diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index 8994ab70..7bc1d402 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -114,7 +114,7 @@ module "vpc" {
 ip_cidr_range = "10.0.1.0/24"
 iam = {
 "roles/compute.networkUser" = [
- "user:${var.user_email}", "group:${var.group_email}"
+ "group:${var.group_email}"
 ]
 }
 iam_bindings = {
@@ -134,7 +134,7 @@ module "vpc" {
 ip_cidr_range = "10.0.2.0/24"
 iam_bindings_additive = {
 subnet-2-iam = {
- member = "user:${var.user_email}"
+ member = "group:${var.group_email}"
 role = "roles/compute.networkUser"
 subnet = "europe-west1/subnet-2"
 }
@@ -185,14 +185,21 @@ module "vpc-spoke-1" {
 [Shared VPC](https://cloud.google.com/vpc/docs/shared-vpc) is a project-level functionality which enables a project to share its VPCs with other projects. The `shared_vpc_host` variable is here to help with rapid prototyping, we recommend leveraging the project module for production usage.
 ```hcl
-locals {
- service_project_1 = {
- project_id = var.service_project_1.project_id
- gke_service_account = "serviceAccount:${var.service_account.email}"
- cloud_services_service_account = "serviceAccount:${var.service_account.email}"
- }
- service_project_2 = {
- project_id = var.service_project_2.project_id
+
+module "service-project" {
+ source = "./fabric/modules/project"
+ billing_account = var.billing_account_id
+ name = "prj1"
+ prefix = var.prefix
+ parent = var.folder_id
+ services = [
+ "cloudresourcemanager.googleapis.com",
+ "compute.googleapis.com",
+ "iam.googleapis.com",
+ "serviceusage.googleapis.com"
+ ]
+ shared_vpc_service_config = {
+ host_project = var.project_id
 }
 }
@@ -211,22 +218,20 @@ module "vpc-host" {
 }
 iam = {
 "roles/compute.networkUser" = [
- local.service_project_1.cloud_services_service_account,
- local.service_project_1.gke_service_account
+ "serviceAccount:${var.service_account.email}"
 ]
 "roles/compute.securityAdmin" = [
- local.service_project_1.gke_service_account
+ "serviceAccount:${var.service_account.email}"
 ]
 }
 }
 ]
 shared_vpc_host = true
 shared_vpc_service_projects = [
- local.service_project_1.project_id,
- local.service_project_2.project_id
+ module.service-project.project_id
 ]
 }
-# tftest modules=1 resources=9 inventory=shared-vpc.yaml e2e
+# tftest modules=2 resources=14 inventory=shared-vpc.yaml e2e
 ```
 ### Private Service Networking
diff --git a/tests/examples/variables.tf b/tests/examples/variables.tf
index 4901c665..ebdbb155 100644
--- a/tests/examples/variables.tf
+++ b/tests/examples/variables.tf
@@ -22,10 +22,6 @@ variable "billing_account_id" {
 default = "123456-123456-123456"
 }
-variable "user_email" {
- default = "user1@example.org"
-}
-
 variable "group_email" {
 default = "organization-admins@example.org"
 }
@@ -98,15 +94,3 @@ variable "vpc2" {
 variable "zone" {
 default = "zone"
 }
-
-variable "service_project_1" {
- default = {
- project_id = "service-project-1-project-id"
- }
-}
-
-variable "service_project_2" {
- default = {
- project_id = "service-project-2-project-id"
- }
-}
\ No newline at end of file
diff --git a/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl b/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl
index ced89dd3..08217a6a 100644
--- a/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl
+++ b/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl
@@ -17,17 +17,11 @@ billing_account_id = "${billing_account_id}"
 kms_key = {
 id = "${kms_key_id}"
 }
-user_email = "${user_email}"
 group_email = "${group_email}"
 organization_id = "organizations/${organization_id}"
 folder_id = "folders/${folder_id}"
+prefix = "${prefix}"
 project_id = "${project_id}"
-service_project_1 = {
- project_id = "${service_project_1.project_id}"
-}
-service_project_2 = {
- project_id = "${service_project_2.project_id}"
-}
 region = "${region}"
 service_account = {
 id = "${service_account.id}"
diff --git a/tests/examples_e2e/setup_module/main.tf b/tests/examples_e2e/setup_module/main.tf
index 8004d545..96e37251 100644
--- a/tests/examples_e2e/setup_module/main.tf
+++ b/tests/examples_e2e/setup_module/main.tf
@@ -26,24 +26,17 @@ locals {
 "cloudkms.googleapis.com",
 "cloudresourcemanager.googleapis.com",
 "compute.googleapis.com",
+ "dns.googleapis.com",
 "eventarc.googleapis.com",
 "iam.googleapis.com",
 "run.googleapis.com",
 "secretmanager.googleapis.com",
+ "servicenetworking.googleapis.com",
 "serviceusage.googleapis.com",
 "stackdriver.googleapis.com",
 "storage-component.googleapis.com",
 "storage.googleapis.com",
 "vpcaccess.googleapis.com",
- "servicenetworking.googleapis.com",
- "dns.googleapis.com",
- ]
- services-svc = [
- # trimmed down list of services, to be extended as needed
- "cloudresourcemanager.googleapis.com",
- "compute.googleapis.com",
- "iam.googleapis.com",
- "serviceusage.googleapis.com",
 ]
 }
@@ -66,34 +59,6 @@ resource "google_project_service" "project_service" {
 disable_dependent_services = true
 }
-resource "google_project" "service_project_1" {
- name = "${local.prefix}-prj-1"
- billing_account = var.billing_account
- folder_id = google_folder.folder.id
- project_id = "${local.prefix}-prj-1"
-}
-
-resource "google_project_service" "service_project_1_service" {
- for_each = toset(local.services-svc)
- service = each.value
- project = google_project.service_project_1.project_id
- disable_dependent_services = true
-}
-
-resource "google_project" "service_project_2" {
- name = "${local.prefix}-prj-2"
- billing_account = var.billing_account
- folder_id = google_folder.folder.id
- project_id = "${local.prefix}-prj-2"
-}
-
-resource "google_project_service" "service_project_2_service" {
- for_each = toset(local.services-svc)
- service = each.value
- project = google_project.service_project_2.project_id
- disable_dependent_services = true
-}
-
 resource "google_storage_bucket" "bucket" {
 location = var.region
 name = "${local.prefix}-bucket"
@@ -152,17 +117,11 @@ resource "local_file" "terraform_tfvars" {
 billing_account_id = var.billing_account
 folder_id = google_folder.folder.folder_id
 group_email = var.group_email
- user_email = var.user_email
+ prefix = var.prefix
 kms_key_id = google_kms_crypto_key.key.id
 organization_id = var.organization_id
 project_id = google_project.project.project_id
- service_project_1 = {
- project_id = google_project.service_project_1.project_id
- }
- service_project_2 = {
- project_id = google_project.service_project_2.project_id
- }
- region = var.region
+ region = var.region
 service_account = {
 id = google_service_account.service_account.id
 email = google_service_account.service_account.email
diff --git a/tests/examples_e2e/setup_module/variables.tf b/tests/examples_e2e/setup_module/variables.tf
index 65fabafe..16f110df 100644
--- a/tests/examples_e2e/setup_module/variables.tf
+++ b/tests/examples_e2e/setup_module/variables.tf
@@ -18,9 +18,6 @@ variable "billing_account" {
 variable "group_email" {
 type = string
 }
-variable "user_email" {
- type = string
-}
 variable "organization_id" {
 type = string
 }
diff --git a/tests/modules/net_vpc/examples/shared-vpc.yaml b/tests/modules/net_vpc/examples/shared-vpc.yaml
index b6ea0f04..248b1e19 100644
--- a/tests/modules/net_vpc/examples/shared-vpc.yaml
+++ b/tests/modules/net_vpc/examples/shared-vpc.yaml
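Review bot: `prefix = var.prefix` in the rendered tfvars hands the raw input variable to the examples, while every resource this setup module creates takes its name from `local.prefix` (`name = "${local.prefix}-bucket"` in the hunk above, and the `"${local.prefix}-prj-1"` project ids this commit removes). If `local.prefix` is `var.prefix` plus a per-run suffix, which the hunk does not show, the README shared-vpc example's `module "service-project"` with `name = "prj1"` would presumably request the same project id on every run, and a deleted project id stays reserved for a retention period, so a rerun after destroy could fail at project creation; `prefix = local.prefix` would keep that project unique together with the other setup resources. The same value is consumed by the `prefix = "${prefix}"` line added in e2e_tests.tfvars.tftpl. The `region` line changes only in alignment.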
@@ -18,12 +18,9 @@ values:
 project: project-id
 module.vpc-host.google_compute_shared_vpc_host_project.shared_vpc_host[0]:
 project: project-id
- module.vpc-host.google_compute_shared_vpc_service_project.service_projects["service-project-1-project-id"]:
+ module.service-project.google_compute_shared_vpc_service_project.shared_vpc_service[0]:
 host_project: project-id
- service_project: service-project-1-project-id
- module.vpc-host.google_compute_shared_vpc_service_project.service_projects["service-project-2-project-id"]:
- host_project: project-id
- service_project: service-project-2-project-id
+ service_project: test-prj1
 module.vpc-host.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]:
 secondary_ip_range:
 - ip_cidr_range: 172.16.0.0/20
@@ -34,7 +31,6 @@ values:
 condition: []
 members:
 - serviceAccount:service_account_email
- # - serviceAccount:gke
 project: project-id
 region: europe-west1
 role: roles/compute.networkUser
@@ -48,9 +44,12 @@ values:
 role: roles/compute.securityAdmin
 subnetwork: subnet-1
+
 counts:
 google_compute_network: 1
+ google_compute_route: 2
 google_compute_shared_vpc_host_project: 1
 google_compute_shared_vpc_service_project: 2
 google_compute_subnetwork: 1
- google_compute_subnetwork_iam_binding: 2
\ No newline at end of file
+ google_compute_subnetwork_iam_binding: 2
+ modules: 2
\ No newline at end of file
diff --git a/tests/modules/net_vpc/examples/subnet-iam.yaml b/tests/modules/net_vpc/examples/subnet-iam.yaml
index dae2fdd7..8e153837 100644
--- a/tests/modules/net_vpc/examples/subnet-iam.yaml
+++ b/tests/modules/net_vpc/examples/subnet-iam.yaml
@@ -75,7 +75,6 @@ values:
 condition: []
 members:
 - group:organization-admins@example.org
- - user:user1@example.org
 project: project-id
 region: europe-west1
 role: roles/compute.networkUser
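Review bot: `counts` still expects `google_compute_shared_vpc_service_project: 2`, but `values` now lists a single attachment, `module.service-project.google_compute_shared_vpc_service_project.shared_vpc_service[0]` for `test-prj1`; the second one is presumably the `shared_vpc_service_projects = [module.service-project.project_id]` entry the README example still passes to `vpc-host`, whose instance key comes from a module output and so cannot be asserted under `values`. That means the example attaches the same service project to the host twice, once through `shared_vpc_service_config` on the project module and once through `shared_vpc_service_projects` on the VPC module, with two Terraform resources owning one API-side attachment, which is fragile on destroy and misleading as documentation. Dropping one of the two, lowering this count to 1 and adjusting the `resources=` value in the README's tftest line would be cleaner; if both are deliberate, a `# second attachment is vpc-host.shared_vpc_service_projects, key unknown at plan time` comment next to the count would explain the mismatch. `test-prj1` also bakes in the unit-test `prefix` default, which this commit does not add to tests/examples/variables.tf and so presumably already exists there.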
@@ -93,7 +92,7 @@ values:
 subnetwork: subnet-1
 module.vpc.google_compute_subnetwork_iam_member.bindings["subnet-2-iam"]:
 condition: []
- member: user:user1@example.org
+ member: group:organization-admins@example.org
 project: project-id
 region: europe-west1
 role: roles/compute.networkUser