diff --git a/tests/foundations/business-units/__init__.py b/tests/foundations/business-units/__init__.py new file mode 100644 index 00000000..47be2ee2 --- /dev/null +++ b/tests/foundations/business-units/__init__.py @@ -0,0 +1,13 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/tests/foundations/business-units/conftest.py b/tests/foundations/business-units/conftest.py new file mode 100644 index 00000000..d00369d6 --- /dev/null +++ b/tests/foundations/business-units/conftest.py @@ -0,0 +1,34 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"Plan fixture." + +import os + +import pytest +import tftest + + +_ABSPATH = os.path.dirname(os.path.abspath(__file__)).split(os.path.sep) +_TFDIR = os.path.sep.join(_ABSPATH[-2:]) + + +# TODO(ludoo): generalize and put in top-level package + +@pytest.fixture(scope='session') +def plan(): + tf = tftest.TerraformTest(_TFDIR, os.path.sep.join(_ABSPATH[:-3]), + os.environ.get('TERRAFORM', 'terraform')) + tf.setup(extra_files=['tests/{}/terraform.tfvars'.format(_TFDIR)]) + return tf.plan_out(parsed=True) diff --git a/tests/foundations/business-units/terraform.tfvars b/tests/foundations/business-units/terraform.tfvars new file mode 100644 index 00000000..199cdc94 --- /dev/null +++ b/tests/foundations/business-units/terraform.tfvars @@ -0,0 +1,9 @@ +billing_account_id = "012345-ABCDEF-012345" +business_unit_1_name = "infra" +business_unit_2_name = "analytics" +business_unit_3_name = "data" +environments = ["dev", "test"] +generate_service_account_keys = true +organization_id = "012345678919" +prefix = "fabric-org-env-3" +root_node = "folders/0123456789" diff --git a/tests/foundations/business-units/test_folders.py b/tests/foundations/business-units/test_folders.py new file mode 100644 index 00000000..538b4842 --- /dev/null +++ b/tests/foundations/business-units/test_folders.py @@ -0,0 +1,38 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"Test shared and business-units folders" + + +import pytest + + +def test_shared_folder(plan): + "Shared folder resource attributes must match variables." + root_node = plan.variables['root_node'] + resource = plan.modules['module.shared-folder']['module.shared-folder.google_folder.folders[0]'] + assert resource['values']['parent'] == root_node + assert resource['values']['display_name'] == 'shared' + + +def test_business_unit_folders(plan): + "Business Unit folder resource attributes must match variables." + folder_resource_addresses = ['module.business-unit-%s-folders.module.business-unit-folder.google_folder.folders[0]' % + num for num in (1,2,3)] + root_node = plan.variables['root_node'] + business_unit_names = [plan.variables[name] for name in ('business_unit_1_name', 'business_unit_2_name', 'business_unit_3_name')] + for address in folder_resource_addresses: + resource = plan.resource_changes[address] + assert resource['change']['after']['parent'] == root_node + assert resource['change']['after']['display_name'] in business_unit_names diff --git a/tests/foundations/business-units/test_outputs.py b/tests/foundations/business-units/test_outputs.py new file mode 100644 index 00000000..a24693bf --- /dev/null +++ b/tests/foundations/business-units/test_outputs.py @@ -0,0 +1,48 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"Test root module outputs." + + +def test_project_ids(plan): + "Project ids should use prefix and match expected values." + prefix = plan.variables['prefix'] + assert plan.outputs['audit_logs_project'] == prefix + '-audit' + assert plan.outputs['shared_resources_project'] == prefix + '-shared' + assert plan.outputs['terraform_project'] == prefix + '-terraform' + + +def test_bucket_names(plan): + "GCS bucket names should use prefix and location and match expected values." + location = plan.variables['gcs_location'].lower() + prefix = plan.variables['prefix'] + bootstrap_bucket = plan.outputs['bootstrap_tf_gcs_bucket'] + assert bootstrap_bucket.startswith(prefix) + assert bootstrap_bucket.endswith('tf-bootstrap') + assert '-%s-' % location in bootstrap_bucket + + +def test_environment_buckets(plan): + "One GCS bucket should be created for each environment." + buckets = plan.outputs['environment_tf_gcs_buckets'] + for environment in plan.variables['environments']: + assert environment in buckets + assert buckets[environment].endswith(environment) + + +def test_bq_dataset(plan): + "Bigquery dataset should be named in the following way 'logs_audit__'" + root_node_type = plan.variables['root_node'].split("/")[0][:-1] + root_node_numeric_id = plan.variables['root_node'].split("/")[1] + assert plan.outputs['audit_logs_bq_dataset'] == 'logs_audit_' + root_node_type + '_' + root_node_numeric_id diff --git a/tests/foundations/business-units/test_projects.py b/tests/foundations/business-units/test_projects.py new file mode 100644 index 00000000..0d2611cc --- /dev/null +++ b/tests/foundations/business-units/test_projects.py @@ -0,0 +1,44 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"Test project creation in root module." + + +import pytest + + +@pytest.fixture(scope='module') +def project_modules(plan): + names = ['module.project-%s' % + name for name in ('audit', 'shared-resources', 'tf')] + return dict((name, plan.modules[name]) for name in names) + + +def test_project_resource(plan, project_modules): + "Project resource attributes must match variables." + billing_account = plan.variables['billing_account_id'] + project_names = ['%s-%s' % + (plan.variables['prefix'], name) for name in ('shared', 'terraform', 'audit')] + for name, mod in project_modules.items(): + resource = mod['%s.google_project.project' % name] + assert resource['values']['billing_account'] == billing_account + assert resource['values']['name'] in project_names + + +def test_project_services(plan, project_modules): + "Project service resource must enable APIs specified in the variable." + services = plan.variables['project_services'] + for name, mod in project_modules.items(): + resource = mod['%s.google_project_services.services[0]' % name] + assert resource['values']['services'] == services diff --git a/tests/foundations/business-units/test_service_accounts.py b/tests/foundations/business-units/test_service_accounts.py new file mode 100644 index 00000000..694e145b --- /dev/null +++ b/tests/foundations/business-units/test_service_accounts.py @@ -0,0 +1,33 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"Test service account creation in root module." + + +import pytest + + +@pytest.fixture(scope='module') +def mod(plan): + return plan.modules['module.service-accounts-tf-environments'] + + +def test_accounts(plan, mod): + "One service account per environment should be created." + environments = plan.variables['environments'] + prefix = plan.variables['prefix'] + resources = [v for k, v in mod.items() if '.google_service_account.' in k] + assert len(resources) == len(environments) + assert sorted([res['values']['account_id'] for res in resources]) == sorted([ + '%s-%s' % (prefix, env) for env in environments])