Migrate kms tests

modules/kms/README.md

@@ -56,7 +56,7 @@ module "kms" {
     key-c = { rotation_period = null, labels = { env = "test" } }
   }
 }
-# tftest modules=1 resources=9
+# tftest modules=1 resources=9 inventory=basic.yaml
 ```
 
 ### Crypto key purpose

tests/modules/kms/__init__.py

@@ -1,13 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.

tests/modules/kms/examples/basic.yaml

@@ -0,0 +1,66 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.kms.google_kms_crypto_key.default["key-a"]:
+    labels: null
+    name: key-a
+    purpose: ENCRYPT_DECRYPT
+    rotation_period: null
+    skip_initial_version_creation: null
+  module.kms.google_kms_crypto_key.default["key-b"]:
+    labels: null
+    name: key-b
+    purpose: ENCRYPT_DECRYPT
+    rotation_period: 604800s
+    skip_initial_version_creation: null
+  module.kms.google_kms_crypto_key.default["key-c"]:
+    labels:
+      env: test
+    name: key-c
+    purpose: ENCRYPT_DECRYPT
+    rotation_period: null
+    skip_initial_version_creation: null
+  module.kms.google_kms_crypto_key_iam_binding.default["key-a.roles/cloudkms.admin"]:
+    condition: []
+    members:
+    - user:user3@example.com
+    role: roles/cloudkms.admin
+  module.kms.google_kms_crypto_key_iam_member.default["key-b.roles/cloudkms.cryptoKeyEncrypterDecrypteruser:user4@example.com"]:
+    condition: []
+    member: user:user4@example.com
+    role: roles/cloudkms.cryptoKeyEncrypterDecrypter
+  module.kms.google_kms_crypto_key_iam_member.default["key-b.roles/cloudkms.cryptoKeyEncrypterDecrypteruser:user5@example.com"]:
+    condition: []
+    member: user:user5@example.com
+    role: roles/cloudkms.cryptoKeyEncrypterDecrypter
+  module.kms.google_kms_key_ring.default[0]:
+    location: europe-west1
+    name: test
+    project: my-project
+  module.kms.google_kms_key_ring_iam_member.default["roles/cloudkms.cryptoKeyEncrypterDecrypteruser:user1@example.com"]:
+    condition: []
+    member: user:user1@example.com
+    role: roles/cloudkms.cryptoKeyEncrypterDecrypter
+  module.kms.google_kms_key_ring_iam_member.default["roles/cloudkms.cryptoKeyEncrypterDecrypteruser:user2@example.com"]:
+    condition: []
+    member: user:user2@example.com
+    role: roles/cloudkms.cryptoKeyEncrypterDecrypter
+
+counts:
+  google_kms_crypto_key: 3
+  google_kms_crypto_key_iam_binding: 1
+  google_kms_crypto_key_iam_member: 2
+  google_kms_key_ring: 1
+  google_kms_key_ring_iam_member: 2

tests/modules/kms/examples/purpose.yaml

@@ -0,0 +1,39 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.kms.google_kms_crypto_key.default["key-a"]:
+    name: key-a
+    purpose: ENCRYPT_DECRYPT
+  module.kms.google_kms_crypto_key.default["key-b"]:
+    name: key-b
+    purpose: ENCRYPT_DECRYPT
+  module.kms.google_kms_crypto_key.default["key-c"]:
+    name: key-c
+    purpose: ASYMMETRIC_SIGN
+    version_template:
+    - algorithm: EC_SIGN_P384_SHA384
+      protection_level: SOFTWARE
+  module.kms.google_kms_key_ring.default[0]:
+    location: europe-west1
+    name: test
+    project: my-project
+
+counts:
+  google_kms_crypto_key: 3
+  google_kms_key_ring: 1
+  modules: 1
+  resources: 4
+
+outputs: {}

tests/modules/kms/fixture/main.tf

@@ -1,27 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-module "test" {
-  source               = "../../../../modules/kms"
-  iam                  = var.iam
-  key_iam              = var.key_iam
-  key_purpose          = var.key_purpose
-  key_purpose_defaults = var.key_purpose_defaults
-  keyring              = var.keyring
-  keyring_create       = var.keyring_create
-  keys                 = var.keys
-  project_id           = var.project_id
-}

tests/modules/kms/fixture/outputs.tf

@@ -1,19 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-output "module" {
-  value = module.test
-}

tests/modules/kms/fixture/variables.tf

@@ -1,101 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-variable "iam" {
-  type = map(list(string))
-  default = {
-    "roles/owner" = ["user:ludo@ludomagno.net"]
-  }
-}
-
-variable "key_iam" {
-  type = map(map(list(string)))
-  default = {
-    key-a = {
-      "roles/owner" = ["user:ludo@ludomagno.net"]
-    }
-  }
-}
-
-variable "key_purpose" {
-  type = map(object({
-    purpose = string
-    version_template = object({
-      algorithm        = string
-      protection_level = string
-    })
-  }))
-  default = {
-    key-b = {
-      purpose          = "ENCRYPT_DECRYPT"
-      version_template = null
-    }
-    key-c = {
-      purpose = "ASYMMETRIC_SIGN"
-      version_template = {
-        algorithm        = "EC_SIGN_P384_SHA384"
-        protection_level = null
-      }
-    }
-  }
-}
-
-variable "key_purpose_defaults" {
-  type = object({
-    purpose = string
-    version_template = object({
-      algorithm        = string
-      protection_level = string
-    })
-  })
-  default = {
-    purpose          = null
-    version_template = null
-  }
-}
-
-variable "keyring" {
-  type = object({
-    location = string
-    name     = string
-  })
-  default = {
-    location = "europe-west1"
-    name     = "test-module"
-  }
-}
-
-variable "keyring_create" {
-  type    = bool
-  default = true
-}
-
-variable "keys" {
-  type = map(object({
-    rotation_period = string
-    labels          = map(string)
-  }))
-  default = {
-    key-a = null
-    key-b = { rotation_period = "604800s", labels = null }
-    key-c = { rotation_period = null, labels = { env = "test" } }
-  }
-}
-
-variable "project_id" {
-  type    = string
-  default = "my-project"
-}

tests/modules/kms/test_plan.py

@@ -1,25 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-def test_resources(plan_runner):
-  "Test module resources."
-  _, resources = plan_runner()
-  assert sorted(r['type'] for r in resources) == [
-      'google_kms_crypto_key',
-      'google_kms_crypto_key',
-      'google_kms_crypto_key',
-      'google_kms_crypto_key_iam_binding',
-      'google_kms_key_ring',
-      'google_kms_key_ring_iam_binding'
-  ]