kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update folders module to Terraform 0.13

Browse Source 
With this commit the folders module (now called simply 'folder') only
creates a single google_folder resource. Support for creating multiple
folders is no longer needed since Terraform 0.13 added for_each support
to modules.
This commit is contained in:
Julio Castillo
2020-10-20 15:41:03 +02:00
parent 7ab87d0790
commit 2e7876b4c7
14 changed files with 163 additions and 241 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
tests/foundations/environments/test_plan.py
View File

@@ -23,16 +23,16 @@ FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
def test_folder_roles(plan_runner):
"Test folder roles."
_, modules = plan_runner(FIXTURES_DIR, is_module=False)
resources = modules['module.test.module.environment-folders']
folders = [r for r in resources if r['type'] == 'google_folder']
assert len(folders) == 2
assert set(r['values']['display_name']
for r in folders) == set(['prod', 'test'])
bindings = [r['index'].split('-')
for r in resources if r['type'] == 'google_folder_iam_binding']
assert len(bindings) == 10
assert set(b[0] for b in bindings) == set(['prod', 'test'])
assert len(set(b[1] for b in bindings)) == 5
for env in ["test", "prod"]:
resources = modules[f'module.test.module.environment-folders["{env}"]']
folders = [r for r in resources if r['type'] == 'google_folder']
assert len(folders) == 1
folder = folders[0]
assert folder['values']['display_name'] == env
bindings = [r['index']
for r in resources if r['type'] == 'google_folder_iam_binding']
assert len(bindings) == 5
def test_org_roles(plan_runner):
@@ -42,12 +42,13 @@ def test_org_roles(plan_runner):
'iam_xpn_config': '{grant = true, target_org = true}'
}
_, modules = plan_runner(FIXTURES_DIR, is_module=False, **vars)
resources = modules['module.test.module.environment-folders']
folder_bindings = [r['index'].split('-')
resources = (modules['module.test.module.environment-folders["test"]'] +
modules['module.test.module.environment-folders["prod"]'])
folder_bindings = [r['index']
for r in resources if r['type'] == 'google_folder_iam_binding']
assert len(folder_bindings) == 8
resources = modules['module.test.module.tf-service-accounts']
org_bindings = [r['index'].split('-')
for r in resources if r['type'] == 'google_organization_iam_member']
assert len(org_bindings) == 4
assert set(b[0] for b in org_bindings) == set(['prod', 'test'])
assert {b[0] for b in org_bindings} == {'prod', 'test'}

4
tests/modules/folders/fixture/main.tf
View File

@@ -15,9 +15,9 @@
*/
module "test" {
source = "../../../../modules/folders"
source = "../../../../modules/folder"
parent = "organizations/12345678"
names = ["folder-a", "folder-b"]
name = "folder-a"
iam_members = var.iam_members
iam_roles = var.iam_roles
policy_boolean = var.policy_boolean

8
tests/modules/folders/fixture/variables.tf
View File

@@ -15,13 +15,13 @@
*/
variable "iam_members" {
type = map(map(list(string)))
default = null
type = map(list(string))
default = {}
}
variable "iam_roles" {
type = map(list(string))
default = null
type = list(string)
default = []
}
variable "policy_boolean" {

53
tests/modules/folders/test_plan.py
View File

@@ -23,27 +23,48 @@ FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
def test_folder(plan_runner):
"Test folder resources."
_, resources = plan_runner(FIXTURES_DIR)
assert len(resources) == 2
assert set(r['type'] for r in resources) == set(['google_folder'])
assert set(r['values']['display_name'] for r in resources) == set([
'folder-a', 'folder-b'
])
assert set(r['values']['parent'] for r in resources) == set([
'organizations/12345678'
])
assert len(resources) == 1
resource = resources[0]
assert resource['type'] == 'google_folder'
assert resource['values']['display_name'] == 'folder-a'
assert resource['values']['parent'] == 'organizations/12345678'
def test_iam_roles_only(plan_runner):
"Test folder resources with only iam roles passed."
_, resources = plan_runner(
FIXTURES_DIR, iam_roles='{folder-a = [ "roles/owner"]}')
assert len(resources) == 3
_, resources = plan_runner(FIXTURES_DIR,
iam_roles='["roles/owner"]')
assert len(resources) == 2
def test_iam(plan_runner):
"Test folder resources with iam roles and members."
iam_roles = '{folder-a = ["roles/owner"], folder-b = ["roles/viewer"]}'
iam_members = '{folder-a = { "roles/owner" = ["user:a@b.com"] }}'
_, resources = plan_runner(
FIXTURES_DIR, iam_roles=iam_roles, iam_members=iam_members)
assert len(resources) == 4
iam_roles = '["roles/owner"]'
iam_members = '{"roles/owner" = ["user:a@b.com"] }'
_, resources = plan_runner(FIXTURES_DIR,
iam_roles=iam_roles,
iam_members=iam_members)
assert len(resources) == 2
def test_iam_multiple_members(plan_runner):
"Test folder resources with multiple iam members."
iam_roles = '["roles/owner"]'
iam_members = '{"roles/owner" = ["user:a@b.com", "user:c@d.com"] }'
_, resources = plan_runner(FIXTURES_DIR,
iam_roles=iam_roles,
iam_members=iam_members)
assert len(resources) == 2
def test_iam_multiple_roles(plan_runner):
"Test folder resources with multiple iam roles."
iam_roles = '["roles/owner", "roles/viewer"]'
iam_members = (
'{ '
'"roles/owner" = ["user:a@b.com"], '
'"roles/viewer" = ["user:c@d.com"] '
'} '
)
_, resources = plan_runner(FIXTURES_DIR,
iam_roles=iam_roles,
iam_members=iam_members)
assert len(resources) == 3

47
tests/modules/folders/test_plan_org_policies.py
View File

@@ -24,16 +24,14 @@ def test_policy_boolean(plan_runner):
"Test boolean folder policy."
policy_boolean = '{policy-a = true, policy-b = false, policy-c = null}'
_, resources = plan_runner(FIXTURES_DIR, policy_boolean=policy_boolean)
assert len(resources) == 8
assert len(resources) == 4
resources = [r for r in resources if r['type']
== 'google_folder_organization_policy']
assert sorted([r['index'] for r in resources]) == [
'folder-a-policy-a',
'folder-a-policy-b',
'folder-a-policy-c',
'folder-b-policy-a',
'folder-b-policy-b',
'folder-b-policy-c'
'policy-a',
'policy-b',
'policy-c',
]
policy_values = []
for resource in resources:
@@ -42,12 +40,9 @@ def test_policy_boolean(plan_runner):
if value:
policy_values.append((resource['index'], policy,) + value[0].popitem())
assert sorted(policy_values) == [
('folder-a-policy-a', 'boolean_policy', 'enforced', True),
('folder-a-policy-b', 'boolean_policy', 'enforced', False),
('folder-a-policy-c', 'restore_policy', 'default', True),
('folder-b-policy-a', 'boolean_policy', 'enforced', True),
('folder-b-policy-b', 'boolean_policy', 'enforced', False),
('folder-b-policy-c', 'restore_policy', 'default', True)
('policy-a', 'boolean_policy', 'enforced', True),
('policy-b', 'boolean_policy', 'enforced', False),
('policy-c', 'restore_policy', 'default', True),
]
@@ -61,26 +56,20 @@ def test_policy_list(plan_runner):
'}'
)
_, resources = plan_runner(FIXTURES_DIR, policy_list=policy_list)
assert len(resources) == 8
assert len(resources) == 4
resources = [r for r in resources if r['type']
== 'google_folder_organization_policy']
assert sorted([r['index'] for r in resources]) == [
'folder-a-policy-a',
'folder-a-policy-b',
'folder-a-policy-c',
'folder-b-policy-a',
'folder-b-policy-b',
'folder-b-policy-c'
'policy-a',
'policy-b',
'policy-c',
]
values = [r['values'] for r in resources]
assert [r['constraint'] for r in values] == [
'policy-a', 'policy-b', 'policy-c', 'policy-a', 'policy-b', 'policy-c'
'policy-a', 'policy-b', 'policy-c'
]
for i in (0, 3):
assert values[i]['list_policy'][0]['allow'] == [
{'all': True, 'values': None}]
for i in (1, 4):
assert values[i]['list_policy'][0]['deny'] == [
{'all': False, 'values': ["bar"]}]
for i in (2, 5):
assert values[i]['restore_policy'] == [{'default': True}]
assert values[0]['list_policy'][0]['allow'] == [
{'all': True, 'values': None}]
assert values[1]['list_policy'][0]['deny'] == [
{'all': False, 'values': ["bar"]}]
assert values[2]['restore_policy'] == [{'default': True}]