Implement group membership in compute-vm module (#3816)

* implement group membership in compute-vm module

* fix newline, update copyright

modules/GEMINI.md

@@ -0,0 +1,12 @@
+# Module testing notes
+
+## Generating test inventory files
+
+1. Specify `inventory=filename.yaml` in the `tftest` annotation in `README.md`.
+2. Create the empty inventory file in `tests/modules/<module_name>/examples/` (note the underscore in module name, e.g., `compute_vm`).
+3. Place the standard copyright blurb at the top.
+4. Add `counts: { foo: 1 }` to the inventory file.
+5. Run the specific test using `pytest "tests/examples/test_plan.py::test_example[terraform:modules/<module-name>:Heading Name:Index]"`.
+6. Use the test failure output to replace `counts` with the actual resource types and counts.
+7. Add `values: { foo: 1 }` to the inventory file and run the test again.
+8. Use the output to replace `values` with the actual mapped attributes. Remove unnecessary or overly verbose keys like large instance configurations, and use `{}` for resources where specific values don't need validation.

modules/compute-vm/README.md

@@ -965,6 +965,25 @@ module "instance-group" {
 # tftest inventory=group.yaml e2e
 ```
 
+You can also use the `group` variable to add the instance to an existing unmanaged instance group by providing the group's self link or ID in the `membership` field.
+
+```hcl
+module "instance-group-membership" {
+  source     = "./fabric/modules/compute-vm"
+  project_id = var.project_id
+  zone       = "${var.region}-b"
+  name       = "ilb-test-member"
+  network_interfaces = [{
+    network    = var.vpc.self_link
+    subnetwork = var.subnet.self_link
+  }]
+  group = {
+    membership = "my-existing-group-id"
+  }
+}
+# tftest inventory=group-membership.yaml
+```
+
 ### Instance Schedule and Resource Policies
 
 One instance start and stop schedule can be defined via the `instance_schedule` variable. Note that this requires [additional permissions on Compute Engine Service Agent](https://cloud.google.com/compute/docs/instances/schedule-instance-start-stop#service_agent_required_roles). Already defined resource policies can be set via the `resource_policies` variable.

modules/compute-vm/main.tf

@@ -98,7 +98,7 @@ resource "google_compute_instance_iam_binding" "default" {
 }
 
 resource "google_compute_instance_group" "unmanaged" {
-  count   = var.group != null && !local.is_template ? 1 : 0
+  count   = try(var.group.membership, null) == null && var.group != null && !local.is_template ? 1 : 0
   project = local.project_id
   network = (
     length(var.network_interfaces) > 0
@@ -119,6 +119,14 @@ resource "google_compute_instance_group" "unmanaged" {
   }
 }
 
+resource "google_compute_instance_group_membership" "unmanaged" {
+  count          = try(var.group.membership, null) != null && !local.is_template ? 1 : 0
+  project        = local.project_id
+  zone           = local.zone
+  instance       = google_compute_instance.default[0].self_link
+  instance_group = var.group.membership
+}
+
 resource "google_service_account" "service_account" {
   count        = try(var.service_account.auto_create, null) == true ? 1 : 0
   project      = local.project_id