kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

E2E tests for GCS

Browse Source
This commit is contained in:
Wiktor Niesiobędzki
2023-10-31 09:22:34 +00:00
parent 03bf0b15b3
commit 1fbd018f5f
11 changed files with 93 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
modules/gcs/README.md
View File

@@ -5,27 +5,55 @@
```hcl
module "bucket" {
source = "./fabric/modules/gcs"
project_id = "myproject"
prefix = "test"
project_id = var.project_id
prefix = var.prefix
name = "my-bucket"
versioning = true
labels = {
cost-center = "devops"
}
}
# tftest modules=1 resources=1 inventory=simple.yaml
# tftest modules=1 resources=1 inventory=simple.yaml e2e
```
### Example with Cloud KMS
```hcl
module "project" {
source = "./fabric/modules/project"
name = var.project_id
project_create = false
}
module "kms" {
source = "./fabric/modules/kms"
project_id = var.project_id
keyring = {
location = "europe" # location of the KMS must match location of the bucket
name = "test"
}
keys = {
bucket_key = {
iam_bindings = {
bucket_key_iam = {
members = ["serviceAccount:${module.project.service_accounts.robots.storage}"]
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
}
}
}
}
}
module "bucket" {
source = "./fabric/modules/gcs"
project_id = "myproject"
project_id = var.project_id
prefix = var.prefix
name = "my-bucket"
encryption_key = "my-encryption-key"
encryption_key = module.kms.keys.bucket_key.id
location = "EU"
}
# tftest modules=1 resources=1 inventory=cmek.yaml
# tftest skip e2e
```
### Example with retention policy and logging
@@ -33,7 +61,8 @@ module "bucket" {
```hcl
module "bucket" {
source = "./fabric/modules/gcs"
project_id = "myproject"
project_id = var.project_id
prefix = var.prefix
name = "my-bucket"
retention_policy = {
retention_period = 100
@@ -52,7 +81,8 @@ module "bucket" {
```hcl
module "bucket" {
source = "./fabric/modules/gcs"
project_id = "myproject"
project_id = var.project_id
prefix = var.prefix
name = "my-bucket"
lifecycle_rules = {
lr-0 = {
@@ -66,26 +96,33 @@ module "bucket" {
}
}
}
# tftest modules=1 resources=1 inventory=lifecycle.yaml
# tftest modules=1 resources=1 inventory=lifecycle.yaml e2e
```
### Minimal example with GCS notifications
```hcl
module "project" {
source = "./fabric/modules/project"
name = var.project_id
project_create = false
}
module "bucket-gcs-notification" {
source = "./fabric/modules/gcs"
project_id = "myproject"
project_id = var.project_id
prefix = var.prefix
name = "my-bucket"
notification_config = {
enabled = true
payload_format = "JSON_API_V1"
sa_email = "service-<project-number>@gs-project-accounts.iam.gserviceaccount.com" # GCS SA email must be passed or fetched from projects module.
sa_email = module.project.service_accounts.robots.storage
topic_name = "gcs-notification-topic"
event_types = ["OBJECT_FINALIZE"]
custom_attributes = {}
}
}
# tftest modules=1 resources=4 inventory=notification.yaml
# tftest skip e2e
```
### Example with object upload
@@ -93,17 +130,18 @@ module "bucket-gcs-notification" {
```hcl
module "bucket" {
source = "./fabric/modules/gcs"
project_id = "myproject"
project_id = var.project_id
prefix = var.prefix
name = "my-bucket"
objects_to_upload = {
sample-data = {
name = "example-file.csv"
source = "data/example-file.csv"
source = "assets/example-file.csv"
content_type = "text/csv"
}
}
}
# tftest modules=1 resources=2 inventory=object-upload.yaml
# tftest modules=1 resources=2 inventory=object-upload.yaml e2e
```
### Examples of IAM
@@ -111,24 +149,26 @@ module "bucket" {
```hcl
module "bucket" {
source = "./fabric/modules/gcs"
project_id = "myproject"
project_id = var.project_id
prefix = var.prefix
name = "my-bucket"
iam = {
"roles/storage.admin" = ["group:storage@example.com"]
"roles/storage.admin" = ["group:${var.group_email}"]
}
}
# tftest modules=1 resources=2 inventory=iam-authoritative.yaml
# tftest modules=1 resources=2 inventory=iam-authoritative.yaml e2e
```
```hcl
module "bucket" {
source = "./fabric/modules/gcs"
project_id = "myproject"
project_id = var.project_id
prefix = var.prefix
name = "my-bucket"
iam_bindings = {
storage-admin-with-delegated_roles = {
role = "roles/storage.admin"
members = ["group:storage@example.com"]
members = ["group:${var.group_email}"]
condition = {
title = "delegated-role-grants"
expression = format(
@@ -144,18 +184,19 @@ module "bucket" {
}
}
}
# tftest modules=1 resources=2 inventory=iam-bindings.yaml
# tftest modules=1 resources=2 inventory=iam-bindings.yaml e2e
```
```hcl
module "bucket" {
source = "./fabric/modules/gcs"
project_id = "myproject"
project_id = var.project_id
prefix = var.prefix
name = "my-bucket"
iam_bindings_additive = {
storage-admin-with-delegated_roles = {
role = "roles/storage.admin"
member = "group:storage@example.com"
member = "group:${var.group_email}"
condition = {
title = "delegated-role-grants"
expression = format(
@@ -171,7 +212,7 @@ module "bucket" {
}
}
}
# tftest modules=1 resources=2 inventory=iam-bindings-additive.yaml
# tftest modules=1 resources=2 inventory=iam-bindings-additive.yaml e2e
```
<!-- BEGIN TFDOC -->
## Variables

1
tests/modules/gcs/assets/example-file.csv Normal file
View File

@@ -0,0 +1 @@
example,file
1 example file

8
tests/modules/gcs/examples/cmek.yaml
View File

@@ -14,10 +14,10 @@
values:
module.bucket.google_storage_bucket.bucket:
encryption:
- default_kms_key_name: my-encryption-key
name: my-bucket
project: myproject
# encryption: __missing__
# - default_kms_key_name:
name: test-my-bucket
project: project-id
counts:
google_storage_bucket: 1

8
tests/modules/gcs/examples/iam-authoritative.yaml
View File

@@ -24,8 +24,8 @@ values:
lifecycle_rule: []
location: EU
logging: []
name: my-bucket
project: myproject
name: test-my-bucket
project: project-id
requester_pays: null
retention_policy: []
storage_class: MULTI_REGIONAL
@@ -36,10 +36,10 @@ values:
autoclass:
- enabled: false
module.bucket.google_storage_bucket_iam_binding.authoritative["roles/storage.admin"]:
bucket: my-bucket
bucket: test-my-bucket
condition: []
members:
- group:storage@example.com
- group:organization-admins@example.org
role: roles/storage.admin
counts:

8
tests/modules/gcs/examples/iam-bindings-additive.yaml
View File

@@ -24,8 +24,8 @@ values:
lifecycle_rule: []
location: EU
logging: []
name: my-bucket
project: myproject
name: test-my-bucket
project: project-id
requester_pays: null
retention_policy: []
storage_class: MULTI_REGIONAL
@@ -36,12 +36,12 @@ values:
autoclass:
- enabled: false
module.bucket.google_storage_bucket_iam_member.bindings["storage-admin-with-delegated_roles"]:
bucket: my-bucket
bucket: test-my-bucket
condition:
- description: null
expression: api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly(['roles/storage.objectAdmin','roles/storage.objectViewer'])
title: delegated-role-grants
member: group:storage@example.com
member: group:organization-admins@example.org
role: roles/storage.admin
counts:

8
tests/modules/gcs/examples/iam-bindings.yaml
View File

@@ -24,8 +24,8 @@ values:
lifecycle_rule: []
location: EU
logging: []
name: my-bucket
project: myproject
name: test-my-bucket
project: project-id
requester_pays: null
retention_policy: []
storage_class: MULTI_REGIONAL
@@ -36,13 +36,13 @@ values:
autoclass:
- enabled: false
module.bucket.google_storage_bucket_iam_binding.bindings["storage-admin-with-delegated_roles"]:
bucket: my-bucket
bucket: test-my-bucket
condition:
- description: null
expression: api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly(['roles/storage.objectAdmin','roles/storage.objectViewer'])
title: delegated-role-grants
members:
- group:storage@example.com
- group:organization-admins@example.org
role: roles/storage.admin
counts:

4
tests/modules/gcs/examples/lifecycle.yaml
View File

@@ -29,8 +29,8 @@ values:
matches_suffix: []
noncurrent_time_before: ''
num_newer_versions: null
name: my-bucket
project: myproject
name: test-my-bucket
project: project-id
counts:
google_storage_bucket: 1

6
tests/modules/gcs/examples/notification.yaml
View File

@@ -16,10 +16,10 @@ values:
module.bucket-gcs-notification.google_pubsub_topic.topic[0]: {}
module.bucket-gcs-notification.google_pubsub_topic_iam_binding.binding[0]: {}
module.bucket-gcs-notification.google_storage_bucket.bucket:
name: my-bucket
project: myproject
name: test-my-bucket
project: project-id
module.bucket-gcs-notification.google_storage_notification.notification[0]:
bucket: my-bucket
bucket: test-my-bucket
event_types:
- OBJECT_FINALIZE
payload_format: JSON_API_V1

6
tests/modules/gcs/examples/object-upload.yaml
View File

@@ -14,11 +14,11 @@
values:
module.bucket.google_storage_bucket.bucket:
name: my-bucket
project: myproject
name: test-my-bucket
project: project-id
module.bucket.google_storage_bucket_object.objects["sample-data"]:
name: example-file.csv
source: data/example-file.csv
source: assets/example-file.csv
content_type: text/csv
counts:

4
tests/modules/gcs/examples/retention-logging.yaml
View File

@@ -16,8 +16,8 @@ values:
module.bucket.google_storage_bucket.bucket:
logging:
- log_bucket: log-bucket
name: my-bucket
project: myproject
name: test-my-bucket
project: project-id
retention_policy:
- is_locked: true
retention_period: 100

2
tests/modules/gcs/examples/simple.yaml
View File

@@ -26,7 +26,7 @@ values:
location: EU
logging: []
name: test-my-bucket
project: myproject
project: project-id
requester_pays: null
retention_policy: []
storage_class: MULTI_REGIONAL