e2e tests for net-vpc-firewall module (#1896)

e2e tests for net-vpc-firewall module
2023-12-01 13:50:56 +01:00 · 2023-12-01 13:50:56 +01:00 · e2d170c1a6
parent 42fa742528
commit e2d170c1a6
8 changed files with 61 additions and 61 deletions
--- a/modules/net-vpc-firewall/README.md
+++ b/modules/net-vpc-firewall/README.md
@ -29,13 +29,13 @@ This is often useful for prototyping or testing infrastructure, allowing open in
 ```hcl
 module "firewall" {
  source     = "./fabric/modules/net-vpc-firewall"
-  project_id = "my-project"
-  network    = "my-network"
+  project_id = var.project_id
+  network    = var.vpc.name
  default_rules_config = {
    admin_ranges = ["10.0.0.0/8"]
  }
 }
-# tftest modules=1 resources=4 inventory=basic.yaml
+# tftest modules=1 resources=4 inventory=basic.yaml e2e
 ```

 ### Custom rules
@ -52,8 +52,8 @@ Some implicit defaults are used in the rules variable types and can be controlle
 ```hcl
 module "firewall" {
  source     = "./fabric/modules/net-vpc-firewall"
-  project_id = "my-project"
-  network    = "my-network"
+  project_id = var.project_id
+  network    = var.vpc.name
  default_rules_config = {
    admin_ranges = ["10.0.0.0/8"]
  }
@ -90,7 +90,7 @@ module "firewall" {
    }
  }
 }
-# tftest modules=1 resources=9 inventory=custom-rules.yaml
+# tftest modules=1 resources=9 inventory=custom-rules.yaml e2e
 ```

 ### Controlling or turning off default rules
@ -109,14 +109,14 @@ Default tags and ranges can be overridden for each protocol, like shown here for
 ```hcl
 module "firewall" {
  source     = "./fabric/modules/net-vpc-firewall"
-  project_id = "my-project"
-  network    = "my-network"
+  project_id = var.project_id
+  network    = var.vpc.name
  default_rules_config = {
    ssh_ranges = ["10.0.0.0/8"]
    ssh_tags   = ["ssh-default"]
  }
 }
-# tftest modules=1 resources=3 inventory=custom-ssh-default-rule.yaml
+# tftest modules=1 resources=3 inventory=custom-ssh-default-rule.yaml e2e
 ```

 #### Disabling predefined rules
@ -126,13 +126,13 @@ Default rules can be disabled individually by specifying an empty set of ranges:
 ```hcl
 module "firewall" {
  source     = "./fabric/modules/net-vpc-firewall"
-  project_id = "my-project"
-  network    = "my-network"
+  project_id = var.project_id
+  network    = var.vpc.name
  default_rules_config = {
    ssh_ranges = []
  }
 }
-# tftest modules=1 resources=2 inventory=no-ssh-default-rules.yaml
+# tftest modules=1 resources=2 inventory=no-ssh-default-rules.yaml e2e
 ```

 Or the entire set of rules can be disabled via the `disabled` attribute:
@ -140,13 +140,13 @@ Or the entire set of rules can be disabled via the `disabled` attribute:
 ```hcl
 module "firewall" {
  source     = "./fabric/modules/net-vpc-firewall"
-  project_id = "my-project"
-  network    = "my-network"
+  project_id = var.project_id
+  network    = var.vpc.name
  default_rules_config = {
    disabled = true
  }
 }
-# tftest modules=0 resources=0 inventory=no-default-rules.yaml
+# tftest modules=0 resources=0 inventory=no-default-rules.yaml e2e
 ```

 ### Including source & destination ranges
@ -156,8 +156,8 @@ Custom rules now support including both source & destination ranges in ingress a
 ```hcl
 module "firewall" {
  source     = "./fabric/modules/net-vpc-firewall"
-  project_id = "my-project"
-  network    = "my-network"
+  project_id = var.project_id
+  network    = var.vpc.name
  default_rules_config = {
    disabled = true
  }
@ -176,7 +176,7 @@ module "firewall" {
    }
  }
 }
-# tftest modules=1 resources=2 inventory=local-ranges.yaml
+# tftest modules=1 resources=2 inventory=local-ranges.yaml e2e
 ```

 ### Rules Factory
@ -186,8 +186,8 @@ The module includes a rules factory (see [Resource Factories](../../blueprints/f
 ```hcl
 module "firewall" {
  source     = "./fabric/modules/net-vpc-firewall"
-  project_id = "my-project"
-  network    = "my-network"
+  project_id = var.project_id
+  network    = var.vpc.name
  factories_config = {
    rules_folder  = "configs/firewall/rules"
    cidr_tpl_file = "configs/firewall/cidrs.yaml"
@ -220,7 +220,7 @@ ingress:
    targets: ["service-2"]
    use_service_accounts: true
    sources:
-      - service-1@my-project.iam.gserviceaccount.com
+      - service-1@project-id.iam.gserviceaccount.com
    rules:
      - protocol: tcp
        ports:
--- a/tests/examples/variables.tf
+++ b/tests/examples/variables.tf
@ -71,7 +71,7 @@ variable "subnet" {

 variable "vpc" {
  default = {
-    name      = "vpc_name"
+    name      = "vpc-name"
    self_link = "projects/xxx/global/networks/aaa"
    id        = "projects/xxx/global/networks/aaa"
  }
@ -79,14 +79,14 @@ variable "vpc" {

 variable "vpc1" {
  default = {
-    name      = "vpc_name"
+    name      = "vpc-name"
    self_link = "projects/xxx/global/networks/bbb"
  }
 }

 variable "vpc2" {
  default = {
-    name      = "vpc2_name"
+    name      = "vpc2-name"
    self_link = "projects/xxx/global/networks/ccc"
  }
 }
--- a/tests/modules/net_vpc_firewall/examples/basic.yaml
+++ b/tests/modules/net_vpc_firewall/examples/basic.yaml
@ -20,10 +20,10 @@ values:
    deny: []
    disabled: null
    log_config: []
-    name: my-network-ingress-admins
-    network: my-network
+    name: vpc-name-ingress-admins
+    network: vpc-name
    priority: 1000
-    project: my-project
+    project: project-id
    source_ranges:
    - 10.0.0.0/8
    source_service_accounts: null
@ -38,10 +38,10 @@ values:
    deny: []
    disabled: null
    log_config: []
-    name: my-network-ingress-tag-http
-    network: my-network
+    name: vpc-name-ingress-tag-http
+    network: vpc-name
    priority: 1000
-    project: my-project
+    project: project-id
    source_ranges:
    - 130.211.0.0/22
    - 209.85.152.0/22
@ -60,10 +60,10 @@ values:
    deny: []
    disabled: null
    log_config: []
-    name: my-network-ingress-tag-https
-    network: my-network
+    name: vpc-name-ingress-tag-https
+    network: vpc-name
    priority: 1000
-    project: my-project
+    project: project-id
    source_ranges:
    - 130.211.0.0/22
    - 209.85.152.0/22
@ -82,10 +82,10 @@ values:
    deny: []
    disabled: null
    log_config: []
-    name: my-network-ingress-tag-ssh
-    network: my-network
+    name: vpc-name-ingress-tag-ssh
+    network: vpc-name
    priority: 1000
-    project: my-project
+    project: project-id
    source_ranges:
    - 35.235.240.0/20
    source_service_accounts: null
--- a/tests/modules/net_vpc_firewall/examples/custom-rules.yaml
+++ b/tests/modules/net_vpc_firewall/examples/custom-rules.yaml
@ -32,9 +32,9 @@ values:
    disabled: false
    log_config: []
    name: allow-egress-rfc1918
-    network: my-network
+    network: vpc-name
    priority: 1000
-    project: my-project
+    project: project-id
    source_ranges: null
    source_service_accounts: null
    source_tags: null
@ -52,9 +52,9 @@ values:
    disabled: false
    log_config: []
    name: allow-egress-tag
-    network: my-network
+    network: vpc-name
    priority: 1000
-    project: my-project
+    project: project-id
    source_ranges: null
    source_service_accounts: null
    source_tags: null
@ -72,9 +72,9 @@ values:
    disabled: false
    log_config: []
    name: allow-ingress-ntp
-    network: my-network
+    network: vpc-name
    priority: 1000
-    project: my-project
+    project: project-id
    source_ranges:
    - 0.0.0.0/0
    source_service_accounts: null
@ -92,9 +92,9 @@ values:
    disabled: false
    log_config: []
    name: allow-ingress-tag
-    network: my-network
+    network: vpc-name
    priority: 1000
-    project: my-project
+    project: project-id
    source_ranges: null
    source_service_accounts: null
    source_tags:
@ -114,9 +114,9 @@ values:
    disabled: false
    log_config: []
    name: deny-egress-all
-    network: my-network
+    network: vpc-name
    priority: 1000
-    project: my-project
+    project: project-id
    source_ranges: null
    source_service_accounts: null
    source_tags: null
--- a/tests/modules/net_vpc_firewall/examples/custom-ssh-default-rule.yaml
+++ b/tests/modules/net_vpc_firewall/examples/custom-ssh-default-rule.yaml
@ -24,10 +24,10 @@ values:
    description: Allow SSH to machines with matching tags.
    disabled: null
    log_config: []
-    name: my-network-ingress-tag-ssh
-    network: my-network
+    name: vpc-name-ingress-tag-ssh
+    network: vpc-name
    priority: 1000
-    project: my-project
+    project: project-id
    source_ranges:
    - 10.0.0.0/8
    source_service_accounts: null
--- a/tests/modules/net_vpc_firewall/examples/factory.yaml
+++ b/tests/modules/net_vpc_firewall/examples/factory.yaml
@ -25,9 +25,9 @@ values:
    disabled: false
    log_config: []
    name: allow-healthchecks
-    network: my-network
+    network: vpc-name
    priority: 1000
-    project: my-project
+    project: project-id
    source_ranges:
    - 130.211.0.0/22
    - 209.85.152.0/22
@ -50,11 +50,11 @@ values:
    disabled: false
    log_config: []
    name: allow-service-1-to-service-2
-    network: my-network
+    network: vpc-name
    priority: 1000
-    project: my-project
+    project: project-id
    source_service_accounts:
-    - service-1@my-project.iam.gserviceaccount.com
+    - service-1@project-id.iam.gserviceaccount.com
    source_tags: null
    target_service_accounts:
    - service-2
@ -72,9 +72,9 @@ values:
    disabled: false
    log_config: []
    name: block-telnet
-    network: my-network
+    network: vpc-name
    priority: 1000
-    project: my-project
+    project: project-id
    source_ranges: null
    source_service_accounts: null
    source_tags: null
--- a/tests/modules/net_vpc_firewall/examples/local-ranges.yaml
+++ b/tests/modules/net_vpc_firewall/examples/local-ranges.yaml
@ -26,9 +26,9 @@ values:
    disabled: false
    log_config: []
    name: allow-ingress-source-destination-ranges
-    network: my-network
+    network: vpc-name
    priority: 1000
-    project: my-project
+    project: project-id
    source_ranges:
    - 172.16.0.0/12
    source_service_accounts: null
@ -47,9 +47,9 @@ values:
    disabled: false
    log_config: []
    name: deny-egress-source-destination-ranges
-    network: my-network
+    network: vpc-name
    priority: 1000
-    project: my-project
+    project: project-id
    source_ranges:
    - 10.132.0.0/20
    - 10.138.0.0/20
--- a/tests/modules/organization/examples/network-tags.yaml
+++ b/tests/modules/organization/examples/network-tags.yaml
@ -18,7 +18,7 @@ values:
    parent: organizations/1122334455
    purpose: GCE_FIREWALL
    purpose_data:
-      network: project-id/vpc_name
+      network: project-id/vpc-name
    short_name: net-environment
    timeouts: null
  module.org.google_tags_tag_key_iam_binding.default["net-environment:roles/resourcemanager.tagAdmin"]: