Implement group membership in compute-vm module (#3816)

* implement group membership in compute-vm module * fix newline, update copyright
2026-03-27 08:56:07 +01:00
parent 2fe082f7d1
commit 44d00ed670
4 changed files with 66 additions and 1 deletions
--- a/modules/GEMINI.md
+++ b/modules/GEMINI.md
@@ -0,0 +1,12 @@
+# Module testing notes
+
+## Generating test inventory files
+
+1. Specify `inventory=filename.yaml` in the `tftest` annotation in `README.md`.
+2. Create the empty inventory file in `tests/modules/<module_name>/examples/` (note the underscore in module name, e.g., `compute_vm`).
+3. Place the standard copyright blurb at the top.
+4. Add `counts: { foo: 1 }` to the inventory file.
+5. Run the specific test using `pytest "tests/examples/test_plan.py::test_example[terraform:modules/<module-name>:Heading Name:Index]"`.
+6. Use the test failure output to replace `counts` with the actual resource types and counts.
+7. Add `values: { foo: 1 }` to the inventory file and run the test again.
+8. Use the output to replace `values` with the actual mapped attributes. Remove unnecessary or overly verbose keys like large instance configurations, and use `{}` for resources where specific values don't need validation.
--- a/modules/compute-vm/README.md
+++ b/modules/compute-vm/README.md
@@ -965,6 +965,25 @@ module "instance-group" {
 # tftest inventory=group.yaml e2e
 ```

+You can also use the `group` variable to add the instance to an existing unmanaged instance group by providing the group's self link or ID in the `membership` field.
+
+```hcl
+module "instance-group-membership" {
+  source     = "./fabric/modules/compute-vm"
+  project_id = var.project_id
+  zone       = "${var.region}-b"
+  name       = "ilb-test-member"
+  network_interfaces = [{
+    network    = var.vpc.self_link
+    subnetwork = var.subnet.self_link
+  }]
+  group = {
+    membership = "my-existing-group-id"
+  }
+}
+# tftest inventory=group-membership.yaml
+```
+
 ### Instance Schedule and Resource Policies

 One instance start and stop schedule can be defined via the `instance_schedule` variable. Note that this requires [additional permissions on Compute Engine Service Agent](https://cloud.google.com/compute/docs/instances/schedule-instance-start-stop#service_agent_required_roles). Already defined resource policies can be set via the `resource_policies` variable.
--- a/modules/compute-vm/main.tf
+++ b/modules/compute-vm/main.tf
@@ -98,7 +98,7 @@ resource "google_compute_instance_iam_binding" "default" {
 }

 resource "google_compute_instance_group" "unmanaged" {
-  count   = var.group != null && !local.is_template ? 1 : 0
+  count   = try(var.group.membership, null) == null && var.group != null && !local.is_template ? 1 : 0
  project = local.project_id
  network = (
    length(var.network_interfaces) > 0
@@ -119,6 +119,14 @@ resource "google_compute_instance_group" "unmanaged" {
  }
 }

+resource "google_compute_instance_group_membership" "unmanaged" {
+  count          = try(var.group.membership, null) != null && !local.is_template ? 1 : 0
+  project        = local.project_id
+  zone           = local.zone
+  instance       = google_compute_instance.default[0].self_link
+  instance_group = var.group.membership
+}
+
 resource "google_service_account" "service_account" {
  count        = try(var.service_account.auto_create, null) == true ? 1 : 0
  project      = local.project_id
--- a/tests/modules/compute_vm/examples/group-membership.yaml
+++ b/tests/modules/compute_vm/examples/group-membership.yaml
@@ -0,0 +1,26 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.instance-group-membership.google_compute_instance.default[0]: {}
+  module.instance-group-membership.google_compute_instance_group_membership.unmanaged[0]:
+    instance_group: my-existing-group-id
+    project: project-id
+    timeouts: null
+    zone: europe-west8-b
+
+counts:
+  google_compute_instance: 1
+  google_compute_instance_group_membership: 1
+