2-networking - NCC Dataset (#3457)

Dataset for 2-networking which implements a simple NCC full mesh topology with 2 spokes.
2025-10-23 14:59:46 +02:00
parent 23f8326665
commit 393e99194a
32 changed files with 4799 additions and 10 deletions
--- a/tests/fast/stages/s2_networking/ncc.tfvars
+++ b/tests/fast/stages/s2_networking/ncc.tfvars
@@ -0,0 +1,38 @@
+automation = {
+  outputs_bucket = "test"
+}
+billing_account = {
+  id = "000000-111111-222222"
+}
+factories_config = {
+  defaults              = "datasets/hub-and-spokes-ncc/defaults.yaml"
+  dns                   = "datasets/hub-and-spokes-ncc/dns/zones"
+  dns-response-policies = "datasets/hub-and-spokes-ncc/dns/response-policies"
+  firewall-policies     = "datasets/hub-and-spokes-ncc/firewall-policies"
+  folders               = "datasets/hub-and-spokes-ncc/folders"
+  interconnect          = "datasets/hub-and-spokes-ncc/interconnect"
+  ncc-hubs              = "datasets/hub-and-spokes-ncc/ncc-hubs"
+  nvas                  = "datasets/hub-and-spokes-ncc/nvas"
+  projects              = "datasets/hub-and-spokes-ncc/projects"
+  vpcs                  = "datasets/hub-and-spokes-ncc/vpcs"
+}
+
+folder_ids = {
+  "networking"      = "folders/12345678"
+  "networking/prod" = "folders/23456789"
+  "networking/dev"  = "folders/34567890"
+}
+organization = {
+  domain      = "fast.example.com"
+  id          = 123456789012
+  customer_id = "C00000000"
+}
+prefix = "fast"
+service_accounts = {
+  "iac-0/iac-pf-rw" = "iac-pf-rw@test.iam.gserviceaccount.com"
+  "iac-0/iac-pf-ro" = "iac-pf-ro@test.iam.gserviceaccount.com"
+}
+tag_values = {
+  "environment/development" = "tagValues/12345"
+  "environment/production"  = "tagValues/12346"
+}
--- a/tests/fast/stages/s2_networking/ncc.yaml
+++ b/tests/fast/stages/s2_networking/ncc.yaml
--- a/tests/fast/stages/s2_networking/peerings.yaml
+++ b/tests/fast/stages/s2_networking/peerings.yaml
@@ -938,16 +938,16 @@ values:
    target_service_accounts: null
    target_tags: null
    timeouts: null
-  module.firewall_policies["network-policies"].google_compute_firewall_policy.hierarchical[0]:
+  module.firewall_policies["network-policy"].google_compute_firewall_policy.hierarchical[0]:
    description: null
    parent: folders/12345678
-    short_name: network-policies
+    short_name: network-policy
    timeouts: null
-  module.firewall_policies["network-policies"].google_compute_firewall_policy_association.hierarchical["networking"]:
+  module.firewall_policies["network-policy"].google_compute_firewall_policy_association.hierarchical["networking"]:
    attachment_target: folders/12345678
-    name: network-policies-networking
+    name: network-policy-networking
    timeouts: null
-  module.firewall_policies["network-policies"].google_compute_firewall_policy_rule.hierarchical["egress/deny-example-ip"]:
+  module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["egress/deny-example-ip"]:
    action: deny
    description: Allow internal traffic within the VPC
    direction: EGRESS
@@ -976,7 +976,7 @@ values:
    target_service_accounts: null
    timeouts: null
    tls_inspect: null
-  module.firewall_policies["network-policies"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-healthchecks"]:
+  module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-healthchecks"]:
    action: allow
    description: Enable SSH, HTTP and HTTPS healthchecks
    direction: INGRESS
@@ -1011,7 +1011,7 @@ values:
    target_service_accounts: null
    timeouts: null
    tls_inspect: null
-  module.firewall_policies["network-policies"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-icmp"]:
+  module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-icmp"]:
    action: allow
    description: Enable ICMP
    direction: INGRESS
@@ -1040,7 +1040,7 @@ values:
    target_service_accounts: null
    timeouts: null
    tls_inspect: null
-  module.firewall_policies["network-policies"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-nat-ranges"]:
+  module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-nat-ranges"]:
    action: allow
    description: Enable NAT ranges for VPC serverless connector
    direction: INGRESS
@@ -1070,7 +1070,7 @@ values:
    target_service_accounts: null
    timeouts: null
    tls_inspect: null
-  module.firewall_policies["network-policies"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-ssh-from-iap"]:
+  module.firewall_policies["network-policy"].google_compute_firewall_policy_rule.hierarchical["ingress/allow-ssh-from-iap"]:
    action: allow
    description: Enable SSH from IAP
    direction: INGRESS
--- a/tests/fast/stages/s2_networking/tftest.yaml
+++ b/tests/fast/stages/s2_networking/tftest.yaml
@@ -16,3 +16,4 @@ module: fast/stages/2-networking

 tests:
  peerings:
+  ncc: